Mailing List Archive

Cron job for Apache managed Letsencrypt TLS certs
I have all my websites using Apache's managed certs. Up to now I have been
restarting them periodically manually as root executing "apachectl
graceful" and then checking to see if the update happened. I have for a
long time been meaning to do that as a cron job, but haven't set one up in
a great while.

I've seen recommendations for restarting Apache (using the certbot method)
daily, but that seems like overkill for my little-used sites and Apache
managed certs.

Anyone have a suggestion for a good restart frequency for managed certs?

Also, should the cron job use "apachectl" or a systemd command?

Thanks,

-Tom
Re: Cron job for Apache managed Letsencrypt TLS certs
Tom Browder <tom.browder@gmail.com> wrote:
> Anyone have a suggestion for a good restart frequency for managed certs?
> Also, should the cron job use "apachectl" or a systemd command?

My Slackware-64 15.0 system checks certs daily using the supplied "dehydrated"
Let's Encrypt client. It renews a cert when the system date is within 30 days of
expiration. I closely follow the process developed by alienbob for SW14 at:

https://alien.slackbook.org/blog/using-letsencrypt-to-secure-your-slackware-webserver-with-https/

I updated the process for SW15:

https://metaed.com/papers/dehydrated.pdf

Because Slackware is not a systemd distro, the daily job uses "apachectl -k
graceful" when a new cert is generated.

Cheers! Edward

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Cron job for Apache managed Letsencrypt TLS certs
On Fri, Mar 24, 2023 at 12:23 Tom Browder <tom.browder@gmail.com> wrote:

> I have all my websites using Apache's managed certs. Up to now I have been
> restarting them periodically manually as root executing "apachectl
> graceful" and then checking to see if the update happened. I have for a
> long time been meaning to do that as a cron job, but haven't set one up in
> a great while.


With all due thanks and respect to responders to my original question, I
think I need to break it into pieces:

1. Is anyone using Apache's experimental "managed domain" (mod_md) for
taking care of Letsencrypt TLS cert handling? If not, please do not respond.

2. If, and only if, that is true, a few questions:

a. How do you manage the required restarts to make the system work
correctly?

b. Do you use "apachectl" or "systemctl" to control restarts?

c. If you use a cron job, are you willing to share the pertinent lines?

Thanks,

-Tom
Re: Re: Cron job for Apache managed Letsencrypt TLS certs
It was thus said that the Great Tom Browder once stated:
> On Fri, Mar 24, 2023 at 12:23 Tom Browder <tom.browder@gmail.com> wrote:
>
> > I have all my websites using Apache's managed certs. Up to now I have been
> > restarting them periodically manually as root executing "apachectl
> > graceful" and then checking to see if the update happened. I have for a
> > long time been meaning to do that as a cron job, but haven't set one up in
> > a great while.
>
>
> With all due thanks and respect to responders to my original question, I
> think I need to break it into pieces:
>
> 1. Is anyone using Apache's experimental "managed domain" (mod_md) for
> taking care of Letsencrypt TLS cert handling? If not, please do not respond.

I am, currently for 12 sites (about to add another one). I started using
it in February, with Apache 2.4.54. It's been working fine for me.

> 2. If, and only if, that is true, a few questions:
>
> a. How do you manage the required restarts to make the system work
> correctly?

I already have a cron job to rotate the server log files (monthly) so the
restarts are already happening.

> b. Do you use "apachectl" or "systemctl" to control restarts?

apachectl

> c. If you use a cron job, are you willing to share the pertinent lines?

The only pertinent line in the cron job is:

/usr/local/apache2/bin/apachectl graceful

-spc


Re: Re: Cron job for Apache managed Letsencrypt TLS certs
On 3/24/23 20:53, Sean Conner wrote:
> /usr/local/apache2/bin/apachectl graceful


that might not work if systemd is supervising


--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013


Re: Re: Cron job for Apache managed Letsencrypt TLS certs
On Fri, Mar 24, 2023 at 20:26 Ruben Safir <mrbrklyn@panix.com> wrote:

> On 3/24/23 20:53, Sean Conner wrote:
> > /usr/local/apache2/bin/apachectl graceful
>
> that might not work if systemd is supervising


What would you recommend?

-Tom
Re: Re: Cron job for Apache managed Letsencrypt TLS certs
It was thus said that the Great Ruben Safir once stated:
> On 3/24/23 20:53, Sean Conner wrote:
> > /usr/local/apache2/bin/apachectl graceful
>
> that might not work if systemd is supervising

systemd is not supervising on my server, which is why I'm using apachectl.

-spc


Re: Re: Cron job for Apache managed Letsencrypt TLS certs
On 3/24/23 21:53, Tom Browder wrote:
> On Fri, Mar 24, 2023 at 20:26 Ruben Safir <mrbrklyn@panix.com> wrote:
>
>> On 3/24/23 20:53, Sean Conner wrote:
>>> /usr/local/apache2/bin/apachectl graceful
>>
>> that might not work if systemd is supervising
>
>
> What would you recommend?
>
> -Tom
>
I prefer apachectl because my apache set up and administration is outside
of the OS's tool set or package management.

But I am not using systemd since I use artix linux.

systemd controls sockets etc. I had found that when systemd controlled
apache and apache died because of coding error, that systemd spun out of
control, repeatedly rebooting apache over and over again in an endless
loop. It is not the behavior I wanted.

not even killall -9 httpd would put that bad dog down.

Reuvain


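An added example, not code from any poster in this thread: a cron-run script that gracefully reloads httpd only when mod_md has a renewed certificate staged, using `systemctl reload` when a systemd unit is active and `apachectl graceful` otherwise. The store path, unit name, script path, and the `staging/<domain>/pubcert.pem` store layout are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example: reload httpd only when mod_md has a staged certificate.
# Assumed values (override via environment):
MD_STORE="${MD_STORE:-/usr/local/apache2/md}"   # MDStoreDir; assumed "md" under ServerRoot
APACHECTL="${APACHECTL:-/usr/local/apache2/bin/apachectl}"
UNIT="${UNIT:-httpd}"                           # systemd unit name, if systemd is used

# Print one domain per line for each certificate waiting in the staging area.
# Assumption: a finished renewal leaves staging/<domain>/pubcert.pem behind;
# a renewal still in progress has a staging directory without that file.
staged_domains() {
    for cert in "$1"/staging/*/pubcert.pem; do
        [ -f "$cert" ] || continue      # glob did not match, or not a regular file
        basename "$(dirname "$cert")"
    done
}

# Print the reload command to use: systemd if it is supervising the unit,
# otherwise apachectl directly. $1 = unit name, $2 = path to apachectl.
reload_command() {
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet "$1" 2>/dev/null; then
        echo "systemctl reload $1"
    else
        echo "$2 graceful"
    fi
}

main() {
    pending=$(staged_domains "$MD_STORE")
    [ -n "$pending" ] || exit 0         # nothing staged: leave the server alone

    # Never reload into a broken configuration.
    if ! "$APACHECTL" configtest >/dev/null 2>&1; then
        echo "configtest failed; not reloading" >&2
        exit 1
    fi

    cmd=$(reload_command "$UNIT" "$APACHECTL")
    echo "mod_md staged: $(echo "$pending" | tr '\n' ' ') reloading via: $cmd"
    $cmd                                # intentionally unquoted: command plus argument(s)
}

# root crontab entry (assumed script path), daily at 03:17:
#   17 3 * * * /usr/local/sbin/md-reload.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as root, since the mod_md store is normally readable only by root; cron mails the one-line message on days a reload happened.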