This is an old revision of the document!
Set up the following directory structure (look at the others there as an example):
$ sudo tree -a /var/www/well-known /var/www/well-known +-- example.com | \-- .well-known -> . \-- www.example.com -> example.com
For your regular HTTP site (non-SSL) add the following to your <VirtualHost/>
block:
Include /etc/apache2/conf-available/well-known.conf
Now reload Apache for your configuration to take effect.
Finally run:
sudo certbot certonly --webroot -w /var/www/well-known/example.com -d example.com -d www.example.com
N.B. you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
Now go back to your <VirtualHost/>
block for your domain and make the opening look like:
<VirtualHost *:80 *:443>
Now slip into in the following lines into the block its-self:
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem Include /etc/letsencrypt/options-ssl-apache.conf RewriteEngine on RewriteCond %{HTTPS} off RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one).