On Thu, 6 Sep 2018, Louis Kowolowski wrote:
I also created /etc/letsencrypt/renewal-hooks/post/apache-restart:
#!/usr/bin/bash
/usr/bin/systemctl restart httpd.service >/dev/null 2>/dev/null
I"m not familiar with apache any more (haven't really used it in
probably a decade). If loading in the new cert can be done with a
'reload' instead of a 'restart' you won't have to take the outage.
You may not care, and thats fine. Just a thought.
New SSL keys and certificates require a full restart in Apache. I'm
fairly sure that's the best policy in terms of security. I can't
envision a situation in which I'd willinging choose to have a service
simultanously running two different certificates for the same CN.
--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug