One of my new favourite features in Apache is managed domains (MDomains). Where before you might have needed certbot or another client to manage the certificates and even massage the configuration, MDomains provides a nice idiomatic way to automatically fetch and install the certificates.
The linked documentation covers the basics better than I can, but it’s just a matter of adding an MDomain directive for each virtual host (outside of the VirtualHost block) and making sure they have TLS on. Some gotchas I noticed:
- You may need MDCertificateAgreement accepted in the config; this will pop up in the error log or in the JSON blob if you have the status route enabled.
- Make sure you’re listening on 443; at least on FreeBSD, it doesn’t, and won’t tell you about it if your vhost is on 443.
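
Put together, the setup and both gotchas look roughly like this. This is an added example, not configuration from the original post: example.org, the contact address, the DocumentRoot and the /md-status path are placeholders, and it assumes mod_md and mod_ssl are already loaded.

```apache
# Added example; hostnames, e-mail address and paths are placeholders.
# Assumes mod_md and mod_ssl are loaded (LoadModule lines vary by platform).

# Gotcha 2: the server must actually listen on 443. A *:443 vhost without
# a matching Listen is silently never reached.
Listen 443
# http-01 challenges from the CA arrive on port 80.
Listen 80

# Gotcha 1: accept the CA's terms of service. If this is missing, the
# complaint shows up in the error log and in the md-status JSON.
MDCertificateAgreement accepted

# Contact address registered with the ACME account.
MDContactEmail admin@example.org

# One MDomain per virtual host, declared at server level,
# outside any <VirtualHost> block.
MDomain example.org www.example.org

<VirtualHost *:443>
    ServerName example.org
    ServerAlias www.example.org
    DocumentRoot "/usr/local/www/example.org"

    # TLS must be on. No SSLCertificateFile or SSLCertificateKeyFile is
    # needed here: mod_md supplies the certificate for managed domains.
    SSLEngine on

    # Status route: JSON describing each managed domain, its renewal
    # state and the last error. Restricted to local requests.
    <Location "/md-status">
        SetHandler md-status
        Require local
    </Location>
</VirtualHost>
```

Running `apachectl configtest` before restarting catches syntax errors, but not the missing Listen, so check the listening sockets separately.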
That easy. I wish other software, or perhaps entire platforms, would get the hint – ACME is here to stay, so let’s make it as easy as turning on TLS in the first place.