httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr James Smith <>
Subject Re: [users@httpd] Make Apache react more graceful to SSL errors
Date Sun, 01 May 2016 13:28:42 GMT
Agree with Michael,

My start/stop scripts all now do a configtest before trying to 
stop/start apache - this way I never have no service if something goes 

I do have a forcestop which will stop an apache if the config is wrong - 
as a last resort!


On 01/05/2016 14:27, Michael A. Peters wrote:
> On 05/01/2016 06:19 AM, Florian Lindner wrote:
>> Hello,
>> in my server configuration users can place their own SSL certificate in
>> predefined directories. A daily cron script detects them, updates the 
>> apache
>> config and restarts the server.
>> However, if there is a problem with the certificate or key file, the 
>> apache
>> refused to work altogether.
>> Is it possible to make apache disable only the problematic vhost 
>> instead of
>> refusing to start?
> What you probably need to do is validate the certificates before 
> updating the apache configuration file. The TLS library (e.g. openssl) 
> probably can do that, though I'm not familiar with the specific 
> argument you would need.
> Apache also has a check that can test whether or not apache will 
> successfully start, that you can run before restarting the server.
> apachectl configtest
> I believe is the command.
> I'm not sure it tests all the TLS certs but if it doesn't, it is a bug 
> in my mind.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message