httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael A. Peters" <>
Subject Re: [users@httpd] Make Apache react more graceful to SSL errors
Date Sun, 01 May 2016 13:27:09 GMT
On 05/01/2016 06:19 AM, Florian Lindner wrote:
> Hello,
> in my server configuration users can place their own SSL certificate in
> predefined directories. A daily cron script detects them, updates the apache
> config and restarts the server.
> However, if there is a problem with the certificate or key file, the apache
> refused to work altogether.
> Is it possible to make apache disable only the problematic vhost instead of
> refusing to start?

What you probably need to do is validate the certificates before 
updating the apache configuration file. The TLS library (e.g. openssl) 
probably can do that, though I'm not familiar with the specific argument 
you would need.

Apache also has a check that can test whether or not apache will 
successfully start, that you can run before restarting the server.

apachectl configtest

I believe is the command.

I'm not sure it tests all the TLS certs but if it doesn't, it is a bug 
in my mind.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message