You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2020/07/13 16:10:41 UTC
[users@httpd] mod_md: is a restart always require for auto updates?
I'm running Apache 2.4.43 and just added my first managed virtual host
with mod_md and all worked fine. Now I want to move all my other
virtual host to the same process but I have a few questions first:
1. For an auto renewal for the current managed domain, will I have to
manually restart each time?
2. After I follow the recommendations for the move of the other
domains, will they require an initial manual restart?
3. According to my reading of the docs, using OCSP via mod_md looks to
be the best practice. Am I correct?
Thank you.
Best regards,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_md: is a restart always require for auto
updates?
Posted by Stefan Eissing <st...@greenbytes.de>.
> Am 14.07.2020 um 16:48 schrieb Tom Browder <to...@gmail.com>:
>
> On Tue, Jul 14, 2020 at 02:01 Stefan Eissing <st...@greenbytes.de> wrote:
> > 1. For an auto renewal for the current managed domain, will I have to
> > manually restart each time?
> Clarification: only a reload (graceful) is necessary, not stop+start.
>
> Good point, thanks.
>
> Since the renewal is done usually a month in advance, you have plenty of time. My debian systemd controlled apache is restarted gracefully each day anyway, for example.
>
> Was that systemd installed by debian or did you modify debian's files or install your own?
I am using the plain debian sid setup.
> I haven't yet installed a systemd file because I'm not sure how best to create a satisfactory one. I would like a daily graceful restart even if I have to create a manual cron job.
>
> > 3. According to my reading of the docs, using OCSP via mod_md looks to
> > be the best practice. Am I correct?
>
> It is designed to be more reliable and also offers monitoring. But it is a new thing and bugs may be found.
>
> I think I will try it. I have nothing really mission critical running.
>
> Thank you very much, Stefan!
>
> Cheers,
>
> -Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_md: is a restart always require for auto updates?
Posted by Tom Browder <to...@gmail.com>.
On Tue, Jul 14, 2020 at 02:01 Stefan Eissing <st...@greenbytes.de>
wrote:
> > 1. For an auto renewal for the current managed domain, will I have to
> > manually restart each time?
> Clarification: only a reload (graceful) is necessary, not stop+start.
Good point, thanks.
Since the renewal is done usually a month in advance, you have plenty of
> time. My debian systemd controlled apache is restarted gracefully each day
> anyway, for example.
Was that systemd installed by debian or did you modify debian's files or
install your own?
I haven't yet installed a systemd file because I'm not sure how best to
create a satisfactory one. I would like a daily graceful restart even if I
have to create a manual cron job.
> 3. According to my reading of the docs, using OCSP via mod_md looks to
> > be the best practice. Am I correct?
>
> It is designed to be more reliable and also offers monitoring. But it is a
> new thing and bugs may be found.
I think I will try it. I have nothing really mission critical running.
Thank you very much, Stefan!
Cheers,
-Tom
Re: [users@httpd] mod_md: is a restart always require for auto
updates?
Posted by Stefan Eissing <st...@greenbytes.de>.
> Am 13.07.2020 um 18:10 schrieb Tom Browder <to...@gmail.com>:
>
> I'm running Apache 2.4.43 and just added my first managed virtual host
> with mod_md and all worked fine. Now I want to move all my other
> virtual host to the same process but I have a few questions first:
>
> 1. For an auto renewal for the current managed domain, will I have to
> manually restart each time?
Clarification: only a reload (graceful) is necessary, not stop+start.
Since the renewal is done usually a month in advance, you have plenty of time. My debian systemd controlled apache is restarted gracefully each day anyway, for example.
> 2. After I follow the recommendations for the move of the other
> domains, will they require an initial manual restart?
For a new domain mod_md initially installs a "fallback" certificate that is not trusted by browsers, but lets the server start with your configuration. It usually takes a minute to obtain the Lets Encrypt cert. Do a graceful reload afterwards and your site should be up.
>
> 3. According to my reading of the docs, using OCSP via mod_md looks to
> be the best practice. Am I correct?
It is designed to be more reliable and also offers monitoring. But it is a new thing and bugs may be found.
Cheers, Stefan
>
> Thank you.
>
> Best regards,
>
> -Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org