Roland's Friendica Network

Roland Häder via Friendica Admins 5 months ago friendica

apache2ctl configtest does not include checking SSL certificates

Today I renewed some of my SSL certificates and suddenly Apache2 was no longer starting. A apache2ctl configtest says all was fine. So I checked log files but found that there was a configuration error, which I wonder why the two different messages can happen.

As it turned out, one of the PEM files only contained DH parameters and no real certificate. After I added the cert block from a backup, the apache2 started again. After a renewing of the certificate, I can again access my SSL-secured website again (it is my personal #invidious proxy).

I wanted to share this with you, including !Friendica Admins to save you a lot of time investigating it. So apache2ctl configtest does NOT check validity of SSL certificates but on startup of Apache2 they are being checked.

#invidious !Friendica Admins

Friendica Admins reshared this.

Roland Häder 5 months ago friendica

@Hans Wolters I'm using a custom version of tiny-acme and my LE stuff is in /var/www/letsencrypt/ including shell scripts and thea ACME client.

@Hans Wolters

Adam 5 months ago • friendica (via ActivityPub)

Also if using letsencrypt, "certbot certificates" is your friend.

Roland Häder 5 months ago friendica

@Adam I can do it similar here: ./renew_cert.sh friendica or any other name as it is the same for certificate file and openssl-friendica.cnf file. I then need to restart proper services, e.g. for mail I restart both Postfix and Courier.

@Adam

Adam 5 months ago • friendica (via ActivityPub)

I know I'm tired when I didn't even notice the body of your post as it contained a word that I have for folding them up... so I thought your post was just the title.

My reply wasn't all the helpful then. heh! Sorry about that.

Roland Häder likes this.