Attempt apache mod_md with Lets Encrypt Staging

templates/Fedora/34/etc/httpd/conf.d/vhost.conf

@@ -1,3 +1,17 @@
+MDBaseServer on
+MDCertificateProtocol ACME
+MDCAChallenges http-01
+MDDriveMode auto
+MDPrivateKeys RSA 4096
+MDRenewWindow
+MDStoreDir md
+# MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
+# We want staging for now...
+MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
+# MDCertificateAgreementhttps://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+# https://httpd.apache.org/docs/trunk/mod/mod_md.html says the below works...
+MDCertificateAgreement accepted
+
 <Directory "/srv/http">
     AllowOverride None
     Require all granted
@@ -58,6 +72,8 @@
 
 {% endfor %}
 {% endif %}
+MDomain {{ item.fqdn }}
+
 <VirtualHost *:443>
   SSLEngine on
   SSLProtocol all -TLSv1.1
@@ -65,8 +81,12 @@
   SSLHonorCipherOrder on
   SSLCipherSuite PROFILE=SYSTEM
   SSLProxyCipherSuite PROFILE=SYSTEM
-  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  # original
-  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  # mod_md should change hte default value to this
+  # SSLCertificateFile /etc/httpd/md/domains/{{ item.fqdn }}/pubcert.pem
+  # SSLCertificateKeyFile /etc/httpd/md/domains/{{ item.fqdn }}/privkey.pem
   ServerName {{ item.fqdn }}
   ServerAdmin webmaster@firedragonenterprises.com
   DocumentRoot /srv/http/{{ item.fqdn }}