A. Do you have any documentation on how the bncert-tool works (at a command-line level)?
I've read the Bitnami guides:
https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/#alternative-approach, and
https://docs.bitnami.com/google/how-to/understand-bncert/
I also watched the video where @michiel mentions that arguments can be added to the command:
sudo ./bncert-tool --enable_https_redirection 0
B. Is there anything else I should know?
C. As I mentioned above, I have three websites running within VirtualHosts under the same IP. So I would like to know how the bncert-tool would read my Bitnami configuration in order to make the 'correct' changes to my server.
I already ran the bncert-tool (before I had finished configuring Varnish) and this generated the certificate and key for my primary domain but failed to create a cron job (that's something I still need to investigate).
It also made changes to the following files:
/opt/bitnami/apache2/conf/httpd.conf
/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
D. Now within httpd.conf, it changed ServerName from localhost to that of my primary domain, which should be ok (even though I have 3 domains on the same instance).
E. But since I am running my websites from the bitnami-apps-vhost.conf file, I assume I need to move the following statement from bitnami-apps-prefix.conf where it was created by the bncert-tool?
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
F. And should I create a file called /opt/bitnami/apps/letsencrypt/conf/httpd-vhost.conf or just use this httpd-prefix.conf file (even though I am not running in prefix mode)?
G. And finally, what should I do about bitnami.conf? I realise this is the default configuration, so will the virtual host configurations for each website in /opt/bitnami/apps/app-name/conf/httpd-vhosts.conf override any statements in bitnami.conf?
I would normally list the certificates for each domain in their respective VirtualHost declaration, whereas the bitnami.conf file seems written from the perspective of a single domain.
Should I comment out the certificate statements in bitnami.conf or just leave them referring to my primary domain?
SSLCertificateFile "/opt/bitnami/apache2/conf/primary-domain.com.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/primary-domain.com.key"
Thanks!