Thread
suggests the use of a proxy domain to use LE certificates for LC itself, taking away the administrative hassle of updating and manually installing valid LC certificates.
From apache 2.4 the default setting is that peer certificates are checked for errors, which makes the proposed proxy solution error out on localhost and anything else that can be wrong with the LC certificate, expiry for instance. I could only get it working when LC had a valid certificate and with the right domain pointing to localhost. Then I thought to be smart and put a .httpd.conf with:
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyCheckPeerName off
Unfortunately by default .httpd.conf is not included in proxy virtual domains. The work around is to manually change the apache configuration, but that would be easily overwritten by LC. I could not figure out how to override the responsible LUA apache.buildConfig in custom.lua; LC refused to run. May be because apache.buildConfig is declared as local?
Another inconvenience issue is with LUA users.addUser in that it does not copy the /etc/skel when a new user is created. This is simply caused by the missing -m switch in the useradd commands.
Find here the lua files to fix both issues. Could these please be included in a next release? Thank you!