Posted to bugs@httpd.apache.org by bu...@apache.org on 2023/03/11 10:24:55 UTC

[Bug 66526] provide a better way to reload TLS certificates/keys/etc.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66526

--- Comment #1 from Stefan Eissing <st...@eissing.org> ---
I'm afraid this would open a can of worms and make configuration handling more
error prone. Additionally, I see impacts of this on server performance, too.

In ACME support for Apache httpd (mod_md), we do not trigger automatic graceful
restarts for the reasons you mentioned. Instead, we recommend regular reloads
at times the server admin deems appropriate.

The immediate need for a certificate change reload, in my experience, only
happens when you take additional domains into a server. But then you'd need new
`VirtualHost` definitions anyway.

For domains with existing certificates, ACME renewals are done days before the
certs expire, so a reload can be quite delayed until a problem with the service
occurs.

Are there additional scenarios where this feature is necessary?
