Posted to users@httpd.apache.org by joe a <jo...@j4computers.com> on 2024/02/09 17:58:15 UTC

[users@httpd] apache SSL cache?

I have apache configured as a reverse SSL proxy.

Users connecting to the back end service are warned about the 
certificate, which, when installed, shows the cert has the domains of the 
apache hosted site, not the proxy site. The apache hosted site/domains 
names have their own valid certificates.

It's LetsEncrypt via acme-companion (dockerized) and checking the status 
via the acme service shows the correct domain names. I suspect the 
initial certificate was generated when I had some misconfiguration.

Is apache caching the older cert or perhaps serving up its own certificate?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] apache SSL cache?

Posted by joe a <jo...@j4computers.com>.
On 2/9/2024 12:58:15, joe a wrote:
> I have apache configured as a reverse SSL proxy.
> 
> Users connecting to the back end service are warned about the 
> certificate, which, when installed, shows the cert has the domains of the 
> apache hosted site, not the proxy site. The apache hosted site/domains 
> names have their own valid certificates.
> 
> It's LetsEncrypt via acme-companion (dockerized) and checking the status 
> via the acme service shows the correct domain names. I suspect the 
> initial certificate was generated when I had some misconfiguration.
> 
> Is apache caching the older cert or perhaps serving up its own 
> certificate?

The "solution" seems to be to copy the cert files from the docker 
container, to the apache host and adjust the virtual host config to 
define and use them.

That is, add:

SSLCertificateFile /some/local/dir.d/cert.file
SSLCertificateKeyFile /some/local/dir.d/key.file

That would not be an issue, but, every 90 days, give or take, this has 
to be done again.

Is there no better way?

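
One way to automate the manual copy described in the reply above, as an added example that is not part of the thread. It assumes the renewed certificate and key are readable on the Apache host (for instance through a mounted volume), reuses the post's placeholder names cert.file and key.file, and assumes apachectl is the control command; the function names and exit codes are made up for this sketch.

```shell
#!/bin/sh
# Added example: install a renewed cert/key pair for Apache only when it changed.
# All paths and both commands below are assumptions; adjust them to the real setup.

# Config check run before reloading, so a bad file never takes the site down.
CHECK_CMD="${CHECK_CMD:-apachectl configtest}"
# Command run after a successful update (graceful = no dropped connections).
RELOAD_CMD="${RELOAD_CMD:-apachectl -k graceful}"

# install_file SRC DST MODE: copy via a temp file in the same directory, then
# rename, so Apache never sees a half-written certificate or key.
install_file() {
    tmp="$2.tmp.$$"
    cp "$1" "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2"
}

# sync_cert SRC_CERT SRC_KEY DST_DIR
# Returns 0 if new files were installed and Apache was reloaded,
#         1 if nothing changed, 2 on error.
sync_cert() {
    src_cert="$1"; src_key="$2"; dst="$3"
    # Refuse missing or empty sources (e.g. a renewal still in progress).
    [ -s "$src_cert" ] && [ -s "$src_key" ] || return 2
    # Identical files mean no renewal happened: skip the copy and the reload.
    if cmp -s "$src_cert" "$dst/cert.file" && cmp -s "$src_key" "$dst/key.file"; then
        return 1
    fi
    install_file "$src_cert" "$dst/cert.file" 644 || return 2
    # The private key stays readable by its owner only.
    install_file "$src_key" "$dst/key.file" 600 || return 2
    $CHECK_CMD && $RELOAD_CMD || return 2
    return 0
}

# Run from cron or a systemd timer, e.g.:
#   sync-cert.sh /path/to/renewed/cert /path/to/renewed/key /some/local/dir.d
if [ "$#" -eq 3 ]; then
    sync_cert "$1" "$2" "$3"
    [ "$?" -le 1 ]   # "unchanged" is not a failure
fi
```

Scheduled daily, this picks up each renewal without manual steps and reloads Apache only when the files actually differ.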