Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Users
better configtest
Marc at f1-outsourcing
Apr 16, 2024, 1:41 AM
Post #1 of 5 (49 views)
Permalink
With the forced upon us 90 day certificate renewal crap, my httpd was down today although I have a 'restart procedure' that verifies a bit for errors with apachectl configtest.

1.
what is the point of having a apachectl configtest, when a restart can still fail? It can't be to difficult to include cert checks here, can it? This is now becoming a significant part.

2.
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed

This is useless, why not list config line or cert name?
B?KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB??[??X???X?KK[XZ[?\?\??][??X???X?P ?\X?K???B???Y][?[??[X[??K[XZ[?\?\??Z[ ?\X?K???B
Re: better configtest [ In reply to ]
apache at belanger
Apr 16, 2024, 5:11 AM
Post #2 of 5 (49 views)
Permalink
Hi,

Marc <Marc@f1-outsourcing.eu> wrote:

> With the forced upon us 90 day certificate renewal crap, my httpd
> was down today although I have a 'restart procedure' that verifies
> a bit for errors with apachectl configtest.

Regardless of the certificate duration I would recommend to use
some monitoring tool to check on the status of the web service and
get an alert when the certificate is close from its expiration date.

I personally use Monit [1], but there is probably plenty of other
tools that could fullfill the same purpose.

Sincerely,

1: https://mmonit.com/monit/
--
Xavier Belanger

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: better configtest [ In reply to ]
covener at gmail
Apr 16, 2024, 5:38 AM
Post #3 of 5 (49 views)
Permalink
On Tue, Apr 16, 2024 at 4:42?AM Marc <Marc@f1-outsourcing.eu> wrote:
>
>
> With the forced upon us 90 day certificate renewal crap, my httpd was down today although I have a 'restart procedure' that verifies a bit for errors with apachectl configtest.
>
> 1.
> what is the point of having a apachectl configtest, when a restart can still fail? It can't be to difficult to include cert checks here, can it? This is now becoming a significant part.

The bar is useful, not perfect. configtest checks for _syntax_ validity.

> 2.
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
>
> This is useless, why not list config line or cert name?

This error means post-configuration failed. This is when the collected
config is acted upon, which is not really within line-by-line mode.
Normally there's a preceding error message with more details, maybe in
a vhost-specific error log?

--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: better configtest [ In reply to ]
Marc at f1-outsourcing
Apr 17, 2024, 4:10 AM
Post #4 of 5 (47 views)
Permalink
> >
> > 1.
> > what is the point of having a apachectl configtest, when a restart can
> still fail? It can't be to difficult to include cert checks here, can it?
> This is now becoming a significant part.
>
> The bar is useful, not perfect. configtest checks for _syntax_ validity.
>
> > 2.
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> > AH00016: Configuration Failed
> >
> > This is useless, why not list config line or cert name?
>
> This error means post-configuration failed. This is when the collected
> config is acted upon, which is not really within line-by-line mode.
> Normally there's a preceding error message with more details, maybe in
> a vhost-specific error log?

Maybe, I would have to look through quite a lot.

Can't the development team re-think about this? What is the point of not starting httpd if there is an issue with a single virtual host? Why not have that specific virtual host fail only? I would like to have this config syntax check expanded to cert content or some other way of validating that I can test if I can restart httpd safely.






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: better configtest [ In reply to ]
covener at gmail
Apr 17, 2024, 5:02 AM
Post #5 of 5 (47 views)
Permalink
> What is the point of not starting httpd if there is an issue with a single virtual host?

This gives the best feedback to the user that the config couldn't be honored.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal