[PLUG] Favorite Certificate Authorities
Paul Heinlein
heinlein at madboa.com
Thu Sep 6 16:40:27 UTC 2018
On Thu, 6 Sep 2018, Louis Kowolowski wrote:
>> I also created /etc/letsencrypt/renewal-hooks/post/apache-restart:
>>
>> #!/usr/bin/bash
>> /usr/bin/systemctl restart httpd.service >/dev/null 2>/dev/null
>
> I'm not familiar with apache any more (haven't really used it in
> probably a decade). If loading in the new cert can be done with a
> 'reload' instead of a 'restart' you won't have to take the outage.
> You may not care, and that's fine. Just a thought.
New SSL keys and certificates require a full restart in Apache. I'm
fairly sure that's the best policy in terms of security. I can't
envision a situation in which I'd willingly choose to have a service
simultaneously running two different certificates for the same CN.
--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W