What is the difference between certbot and certbot-auto?

O

olegi2017-07-28 01:41:33

Nginx

olegi, 2017-07-28 01:41:33

Hello!
Was hosted on Debian 7, nginx. Installed certbot-auto according to official instructions - https://certbot.eff.org/#debianwheezy-nginx. Everything suited, he himself registered himself in the configs of the site files, himself in the crowns, etc.
After a couple of months, I had to move to Debian 8, nginx. And here, according to the official instructions, you need to use certbot from the package and work on ensuring that webroot is also specified and /.well-known/acme-challenge is available on port 80 from the Internet.
My question is - why doesn't certbot-auto need /.well-known/acme-challenge ? Or, if so, how does the Let'sEncrypt server perform the verification? Because /.well-known, etc. not found on disk. Or does he temporarily turn off Nginx for the duration of the check and start his web server standalone?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey Mikhalev, 2017-07-28
@Endru9

As far as I remember, access to the file via http is needed to create and renew a certificate. And the check only works on http! Maybe things have changed now... don't know.
If you did NOT redirect from http to https, then no gestures needed to be done.
If a redirect from http has been configured, then in nginx (yes, even if apache, no difference), you must specify location and allow access to the directory via http.
According to the link that Vladimir provided, it only talks about automatic and manual installation of the certificate. With automatic certboot, it creates the necessary locations in the web server configs, with manual, you need to write these lines yourself (unexpectedly!)
Look at the article on wiki.debian, it may be usefulhttps://wiki.debian.org/en/LetsEncrypt