Hi Michael,

I think Peter already discussed the advantages/disadvantages of using your own CA vs. Verisign&Co vs. Let's encrypt.

Is there a specific reason why you don't like LE? I saw also companies switching to that - and you actually do not need to use the certbot client (although you can run it without root privileges, for example by using the webroot plugin - which I am using for my own systems).

I will have a look at the Apache configuration changes soon, sorry. I'm currently quite busy with other things, but this is on my list.

Best regards, Wolfgang