mod_md: is a restart always required for auto updates?
I'm running Apache 2.4.43 and just added my first managed virtual host
with mod_md and all worked fine. Now I want to move all my other
virtual hosts to the same process but I have a few questions first:

1. For an auto renewal for the current managed domain, will I have to
manually restart each time?

2. After I follow the recommendations for the move of the other
domains, will they require an initial manual restart?

3. According to my reading of the docs, using OCSP via mod_md looks to
be the best practice. Am I correct?

Thank you.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_md: is a restart always required for auto updates?
> Am 13.07.2020 um 18:10 schrieb Tom Browder <tom.browder@gmail.com>:
>
> I'm running Apache 2.4.43 and just added my first managed virtual host
> with mod_md and all worked fine. Now I want to move all my other
> virtual hosts to the same process but I have a few questions first:
>
> 1. For an auto renewal for the current managed domain, will I have to
> manually restart each time?

Clarification: only a reload (graceful) is necessary, not stop+start.

Since the renewal is done usually a month in advance, you have plenty of time. My debian systemd controlled apache is restarted gracefully each day anyway, for example.

> 2. After I follow the recommendations for the move of the other
> domains, will they require an initial manual restart?

For a new domain mod_md initially installs a "fallback" certificate that is not trusted by browsers, but lets the server start with your configuration. It usually takes a minute to obtain the Let's Encrypt cert. Do a graceful reload afterwards and your site should be up.
>
> 3. According to my reading of the docs, using OCSP via mod_md looks to
> be the best practice. Am I correct?

It is designed to be more reliable and also offers monitoring. But it is a new thing and bugs may be found.

Cheers, Stefan

>
> Thank you.
>
> Best regards,
>
> -Tom
>
Re: mod_md: is a restart always required for auto updates?
On Tue, Jul 14, 2020 at 02:01 Stefan Eissing <stefan.eissing@greenbytes.de>
wrote:

> > 1. For an auto renewal for the current managed domain, will I have to
> > manually restart each time?
> Clarification: only a reload (graceful) is necessary, not stop+start.


Good point, thanks.

> Since the renewal is done usually a month in advance, you have plenty of
> time. My debian systemd controlled apache is restarted gracefully each day
> anyway, for example.


Was that systemd installed by debian or did you modify debian's files or
install your own?

I haven't yet installed a systemd file because I'm not sure how best to
create a satisfactory one. I would like a daily graceful restart even if I
have to create a manual cron job.

> > 3. According to my reading of the docs, using OCSP via mod_md looks to
> > be the best practice. Am I correct?
>
> It is designed to be more reliable and also offers monitoring. But it is a
> new thing and bugs may be found.


I think I will try it. I have nothing really mission critical running.

Thank you very much, Stefan!

Cheers,

-Tom
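
Added example, not part of the thread and not mod_md's own tooling: a cron-friendly script for the daily graceful reload discussed above, which reloads only when mod_md has a certificate waiting and the configuration check passes. It assumes mod_md keeps obtained certificates under `staging/` in its store directory until the next reload, and that the store is at `/etc/apache2/md`; the script name, variables and function names are hypothetical.

```shell
#!/bin/sh
# Added example: graceful reload only when mod_md has staged a certificate.
# Assumption: mod_md places newly obtained certificates in
# <MDStoreDir>/staging/<domain>/ and activates them on the next reload.
MD_STORE="${MD_STORE:-/etc/apache2/md}"   # assumed store path, adjust to your MDStoreDir
CHECK_CMD="${CHECK_CMD:-apachectl configtest}"
RELOAD_CMD="${RELOAD_CMD:-apachectl graceful}"

# Print the managed domains that have a staged certificate, one per line.
staged_domains() {
    store="$1"
    [ -d "$store/staging" ] || return 0
    for d in "$store"/staging/*/; do
        [ -d "$d" ] || continue           # glob matched nothing
        basename "$d"
    done
}

# Return 0 = reloaded, 1 = nothing staged, 2 = config check failed,
# 3 = reload command failed.
reload_if_staged() {
    store="$1"
    domains=$(staged_domains "$store")
    [ -n "$domains" ] || return 1
    # Never reload onto a broken configuration: a failed graceful
    # restart can take every virtual host down, not just the new one.
    if ! $CHECK_CMD >/dev/null 2>&1; then
        echo "config check failed, not reloading" >&2
        return 2
    fi
    $RELOAD_CMD || return 3
    echo "graceful reload done, staged domains:" $domains
    return 0
}

# Daily cron entry (as root), for example:
#   17 4 * * * /usr/local/sbin/md-reload.sh --run
if [ "${1:-}" = "--run" ]; then
    reload_if_staged "$MD_STORE"; rc=$?
    [ "$rc" -le 1 ] && exit 0             # "nothing staged" is not an error
    exit "$rc"
fi
```

Because cron mails anything written to stderr, a failed configuration check or reload surfaces as a message instead of passing silently.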
Re: mod_md: is a restart always required for auto updates?
> Am 14.07.2020 um 16:48 schrieb Tom Browder <tom.browder@gmail.com>:
>
> On Tue, Jul 14, 2020 at 02:01 Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> > > 1. For an auto renewal for the current managed domain, will I have to
> > > manually restart each time?
> > Clarification: only a reload (graceful) is necessary, not stop+start.
>
> Good point, thanks.
>
> > Since the renewal is done usually a month in advance, you have plenty of time. My debian systemd controlled apache is restarted gracefully each day anyway, for example.
>
> Was that systemd installed by debian or did you modify debian's files or install your own?

I am using the plain debian sid setup.

> I haven't yet installed a systemd file because I'm not sure how best to create a satisfactory one. I would like a daily graceful restart even if I have to create a manual cron job.
>
> > > 3. According to my reading of the docs, using OCSP via mod_md looks to
> > > be the best practice. Am I correct?
> >
> > It is designed to be more reliable and also offers monitoring. But it is a new thing and bugs may be found.
>
> I think I will try it. I have nothing really mission critical running.
>
> Thank you very much, Stefan!
>
> Cheers,
>
> -Tom

