Skip to main content


apache2ctl configtest does not include checking SSL certificates


Today I renewed some of my SSL certificates and suddenly Apache2 was no longer starting. A apache2ctl configtest says all was fine. So I checked log files but found that there was a configuration error, which I wonder why the two different messages can happen.

As it turned out, one of the PEM files only contained DH parameters and no real certificate. After I added the cert block from a backup, the apache2 started again. After a renewing of the certificate, I can again access my SSL-secured website again (it is my personal #invidious proxy).

I wanted to share this with you, including !Friendica Admins to save you a lot of time investigating it. So apache2ctl configtest does NOT check validity of SSL certificates but on startup of Apache2 they are being checked.

Friendica Admins reshared this.

Unknown parent

Roland Häder
@Hans Wolters I'm using a custom version of tiny-acme and my LE stuff is in /var/www/letsencrypt/ including shell scripts and thea ACME client.
Unknown parent

Roland Häder
@Adam I can do it similar here: ./renew_cert.sh friendica or any other name as it is the same for certificate file and openssl-friendica.cnf file. I then need to restart proper services, e.g. for mail I restart both Postfix and Courier.
@Adam