Bug 62445 - Conditionally set the SSLCertificateFile when the file exists
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.4.16
Hardware: All All
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2018-06-11 06:15 UTC by apache
Modified: 2018-06-11 07:10 UTC
Description apache 2018-06-11 06:15:41 UTC
I am using Let's Encrypt (certonly) to generate SSL certificates for several websites hosted on an Apache server. The file location of these certificates is determinate before they are created, so I am writing their paths into my virtual host configuration in advance. Once the site is running, I will use certbot to get the certificate files and then reload the Apache configuration.

I also have a global SSL certificate defined with valid files, so every SSL virtual host will be certain to have a certificate.

The problem I'm having is that Apache won't run without all the certificate files, despite having a global fallback. I tried to conditionally configure the Let's Encrypt certificate only when the file exists using IF, but Apache says SSLCertificateFile not allowed here.

It should be possible to override the global SSLCertificateFile only when the new certificate files exist. I'm trying to do all of this without having to modify the configuration before and after the certificates have been generated.

Here is what I tried:

<If "-f '/etc/letsencrypt/live/domain/fullchain.pem'">
  SSLCertificateFile /etc/letsencrypt/live/domain/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain/privkey.pem
</If>
→ SSLCertificateFile not allowed here
Comment 1 Joe Orton 2018-06-11 07:10:55 UTC
Might be other ways to achieve it but future 2.4.x will have <IfFile> which should allow you to do exactly that.

https://httpd.apache.org/docs/2.4/mod/core.html#iffile
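
The layout described in the report, rewritten with <IfFile>, as an added example that is not part of the bug report or the httpd project's own configuration. The fallback certificate paths and the ServerName are placeholders; the linked documentation lists <IfFile> as available in 2.4.34 and later.

```apache
# Added example. <IfFile> is evaluated once, while the configuration is
# parsed (start or reload), not per request like <If>. That is why it can
# wrap SSLCertificateFile, which <If> rejects with "not allowed here".

# Global fallback certificate, as the reporter describes (placeholder paths).
SSLCertificateFile    /etc/ssl/fallback/fullchain.pem
SSLCertificateKeyFile /etc/ssl/fallback/privkey.pem

<VirtualHost *:443>
    # Placeholder name for the site that will later get its own certificate.
    ServerName domain.example
    SSLEngine on

    # Override the fallback only when BOTH files exist. Testing the chain
    # alone would let a half-finished issuance (chain written, key missing)
    # abort startup on the missing key file.
    <IfFile /etc/letsencrypt/live/domain/fullchain.pem>
        <IfFile /etc/letsencrypt/live/domain/privkey.pem>
            SSLCertificateFile    /etc/letsencrypt/live/domain/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/domain/privkey.pem
        </IfFile>
    </IfFile>
</VirtualHost>
```

Because the test runs only at parse time, the virtual host keeps serving the fallback certificate until the server is reloaded after certbot has written the files. <IfFile> checks existence only, so `apachectl configtest` before the reload is still the check that the certificate and key actually load.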