apache2ctl configtest does not include checking SSL certificates
Today I renewed some of my SSL certificates and suddenly Apache2 was no longer starting. A
As it turned out, one of the PEM files only contained DH parameters and no real certificate. After I added the cert block from a backup, the apache2 started again. After a renewing of the certificate, I can again access my SSL-secured website again (it is my personal #invidious proxy).
I wanted to share this with you, including !Friendica Admins to save you a lot of time investigating it. So
apache2ctl configtest
says all was fine. So I checked log files but found that there was a configuration error, which I wonder why the two different messages can happen.As it turned out, one of the PEM files only contained DH parameters and no real certificate. After I added the cert block from a backup, the apache2 started again. After a renewing of the certificate, I can again access my SSL-secured website again (it is my personal #invidious proxy).
I wanted to share this with you, including !Friendica Admins to save you a lot of time investigating it. So
apache2ctl configtest
does NOT check validity of SSL certificates but on startup of Apache2 they are being checked.Friendica Admins reshared this.
Roland Häder
Unknown parent • •tiny-acme
and my LE stuff is in/var/www/letsencrypt/
including shell scripts and thea ACME client.Roland Häder
Unknown parent • •./renew_cert.sh friendica
or any other name as it is the same for certificate file andopenssl-friendica.cnf
file. I then need to restart proper services, e.g. formail
I restart both Postfix and Courier.