Hi everyone,

FWIW: If OP doesn't actually *use* mod_md for certificate handling (by having at least an MDomain directive anywhere), he should just do `a2dismod md` and restart the server and it should work as before.

As I'm a heavy user of mod_md, I'll chime in here with some background info. mod_md implements the ACME protocol for certificate handling in Apache httpd itself. It is written in pure C and does not use the python packages mentioned earlier like certbot does. It does not need nor touch the /etc/letsencrypt directory. For its own storage requirements, there is [1]:

> MDStoreDir Directive
> Description: Path on the local file system to store the Managed Domains
> data.
> Syntax: MDStoreDir path
> Default: MDStoreDir md
> Context: server config
> Status: Experimental
> Module: mod_md
>
> Defines where on the local file system the Managed Domain data is stored.
> This is an absolute path or interpreted relative to the server root. The
> default will create a directory 'md' in your server root.
>
> If you move this and have already data, be sure to move/copy the data first
> to the new location, reconfigure and then restart the server. If you
> reconfigure and restart first, the server will try to get new certificates
> that it thinks are missing.

(Keep in mind that server root != document root!)

Furthermore, mod_md uses that directory not only to store challenge content (in md/challenges) (which is only temporary), but also the ACME account data (md/accounts) as well as the actual certificates (md/domains, md/archive) - including some intermediate steps while requesting (md/staging, md/tmp) and OCSP data (md/ocsp).

So for some of the content, /var/cache might be appropriate (although it could even be an actual tmpdir), but for others, it should at least be /var/lib, if you are insistent on not having it write in /etc.

Also, IMHO, the current content of /etc/apache2/md needs to be copied/moved to any alternate location that we decide on... Or at least acknowledge mod_md explicitly in the NEWS entry for requiring additional setup in the systemd.service and encourage the user to move the directory itself?

Best regards,
Moritz

[1]: https://httpd.apache.org/docs/current/mod/mod_md.html#mdstoredir
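
The copy-first order from the MDStoreDir documentation quoted above, as an added shell example that is not part of the original message or of any Apache or Debian package: it copies a store to a new location and checks that the account and certificate data arrived before MDStoreDir is changed. The function names are hypothetical, both paths are supplied by the caller, and treating accounts, domains and archive as the data that must survive follows the message's description.

```shell
#!/bin/sh
# Added example: copy a mod_md store, then verify it, before MDStoreDir is
# reconfigured and the server restarted. Function names are hypothetical.
# Usage (destination path is an assumption, pick your own):
#   md_copy_store /etc/apache2/md /var/lib/apache2/md &&
#   md_verify_store /etc/apache2/md /var/lib/apache2/md

# Subdirectories the message names as holding account data and certificates.
MD_PERSISTENT="accounts domains archive"

# List regular files under $1 as sorted relative paths (empty if $1 is missing).
md_list() {
    (cd "$1" 2>/dev/null && find . -type f | LC_ALL=C sort)
}

# Copy the store at $1 to $2, keeping modes and timestamps (and ownership
# when run as root). Refuses to write into a destination that has content.
md_copy_store() {
    src=$1 dst=$2
    [ -d "$src" ] || { echo "no store at $src" >&2; return 2; }
    if [ -d "$dst" ] && [ -n "$(ls -A "$dst")" ]; then
        echo "$dst is not empty, refusing to overwrite" >&2
        return 3
    fi
    mkdir -p "$dst" && cp -Rp "$src/." "$dst/"
}

# Succeeds only if every persistent subdirectory present in $1 has the same
# set of files in $2. A failure here means a restart with the new MDStoreDir
# would make the server think certificates are missing and request new ones.
md_verify_store() {
    src=$1 dst=$2
    for d in $MD_PERSISTENT; do
        [ -d "$src/$d" ] || continue
        if [ "$(md_list "$src/$d")" != "$(md_list "$dst/$d")" ]; then
            echo "mismatch in $d" >&2
            return 1
        fi
    done
    return 0
}
```

Only after `md_verify_store` succeeds should the configuration be switched and the server restarted; the old directory can be kept until the first successful renewal from the new one.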

