It may be possible to write your own auto-renewal script relatively
easily for LetsEncrypt. I have done for Apache as (a) I don't use the
standard paths and setup, (b) I wish to use HPKP on my servers for
additional security and "Lets Encrypt" auto scripts generate a new key
each time which breaks this (the signature changes and is unpredictable)
- so my script generates a lets encrypt request with the appropriate key
(either the same OR the backup key I've already generated) I now have a
relatively simple script which reads my config file and generates keys
accordingly if required (the only thing it doesn't do is restart the
server for the new certificates to be read) but it does inform me this
is happening. It shouldn't be to difficult for nginx to do similar
On 17/08/2016 20:23, R wrote:
It seemed like the auto-renewal process for ssl from LetsEncrypt is
not supported yet for nginx, at least according to this article on its
publication date:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
My needs are really simple and I wanted to go with whichever would be
simpler to setup.
On Wed, Aug 17, 2016 at 2:50 PM, Dr James Smith <j...@sanger.ac.uk
<mailto:j...@sanger.ac.uk>> wrote:
Depends on your backends - nginx is good if it is serving
primarily static files and or proxying back to quick responding
backends. It seems to be less well suited to slower/heavier
backends. Apache always seems to work - slower mind you - but
always seems to work... So if reliability is your requirement then
nginx may be a problem!
On 17/08/2016 19:41, Erik Dobák wrote:
why did not you use nginx anyway? should be faster and modern.
did not
have the chance to try that yet myself. still using apache
everywhere.
On 17 August 2016 at 03:18, R <bittransfer2...@gmail.com
<mailto:bittransfer2...@gmail.com>> wrote:
Ugh sorry, I had a test installation of nginx on the
machine, which was not
fully removed after doing "apt-get remove". Looks like it
would still start
up somehow. After I purged nginx, then apache2 started ok
after reboot.
Thanks
On Tue, Aug 16, 2016 at 8:57 PM, R
<bittransfer2...@gmail.com
<mailto:bittransfer2...@gmail.com>> wrote:
Hi, this is everything from cat
/var/log/apache2/error.log:
[Mon Aug 15 13:42:17.138117 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
configured -- resuming
normal operations
[Mon Aug 15 13:42:17.138282 2016] [core:notice] [pid
26081:tid
139773925775232] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 14:55:14.003814 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00493: SIGUSR1 received. Doing
graceful restart
AH00112: Warning: DocumentRoot
[/var/lib/letsencrypt/tls_sni_01_page/]
does not exist
AH00558: apache2: Could not reliably determine the
server's fully
qualified domain name, using 127.0.1.1. Set the
'ServerName' directive
globally to suppress this message
[Mon Aug 15 14:55:14.054552 2016] [ssl:warn] [pid
26081:tid
139773925775232] AH01906:x:0 server certificate is a
CA certificate
(BasicConstraints: CA == TRUE !?)
[Mon Aug 15 14:55:14.054736 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
OpenSSL/1.0.2g-fips
configured -- resuming normal operations
[Mon Aug 15 14:55:14.054747 2016] [core:notice] [pid
26081:tid
139773925775232] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 14:55:20.854353 2016 <tel:854353%202016>]
[mpm_event:notice] [pid 26081:tid
139773925775232] AH00493: SIGUSR1 received. Doing
graceful restart
AH00558: apache2: Could not reliably determine the
server's fully
qualified domain name, using 127.0.1.1. Set the
'ServerName' directive
globally to suppress this message
[Mon Aug 15 14:55:20.865056 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
configured -- resuming
normal operations
[Mon Aug 15 14:55:20.865076 2016] [core:notice] [pid
26081:tid
139773925775232] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 14:55:23.807722 2016 <tel:807722%202016>]
[mpm_event:notice] [pid 26081:tid
139773925775232] AH00493: SIGUSR1 received. Doing
graceful restart
AH00558: apache2: Could not reliably determine the
server's fully
qualified domain name, using 127.0.1.1. Set the
'ServerName' directive
globally to suppress this message
[Mon Aug 15 14:55:23.840209 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
OpenSSL/1.0.2g-fips
configured -- resuming normal operations
[Mon Aug 15 14:55:23.840217 2016] [core:notice] [pid
26081:tid
139773925775232] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 14:55:31.995008 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00493: SIGUSR1 received. Doing
graceful restart
AH00558: apache2: Could not reliably determine the
server's fully
qualified domain name, using 127.0.1.1. Set the
'ServerName' directive
globally to suppress this message
[Mon Aug 15 14:55:32.023059 2016] [mpm_event:notice]
[pid 26081:tid
139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
OpenSSL/1.0.2g-fips
configured -- resuming normal operations
[Mon Aug 15 14:55:32.023076 2016] [core:notice] [pid
26081:tid
139773925775232] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 14:56:04.269625 2016 <tel:269625%202016>]
[ssl:error] [pid 29903:tid
139773645637376] [client 64.41.200.108:39890
<http://64.41.200.108:39890>] AH02042: rejecting client
initiated renegotiation
[Mon Aug 15 18:40:58.774299 2016 <tel:774299%202016>]
[ssl:error] [pid 29904:tid
139773819877120] [client 64.41.200.105:34645
<http://64.41.200.105:34645>] AH02042: rejecting client
initiated renegotiation
[Mon Aug 15 19:07:02.626527 2016 <tel:626527%202016>]
[mpm_event:notice] [pid 26081:tid
139773925775232] AH00491: caught SIGTERM, shutting down
[Mon Aug 15 19:07:03.939317 2016 <tel:939317%202016>]
[mpm_event:notice] [pid 2548:tid
140489013651328] AH00489: Apache/2.4.18 (Ubuntu)
mod_jk/1.2.41
OpenSSL/1.0.2g-fips configured -- resuming normal
operations
[Mon Aug 15 19:07:03.939444 2016 <tel:939444%202016>]
[core:notice] [pid 2548:tid
140489013651328] AH00094: Command line:
'/usr/sbin/apache2'
[Mon Aug 15 19:13:44.445770 2016 <tel:445770%202016>]
[mpm_event:notice] [pid 2548:tid
140489013651328] AH00491: caught SIGTERM, shutting down
[Mon Aug 15 19:13:45.265839 2016] [mpm_event:notice]
[pid 2705:tid
140547327522688] AH00489: Apache/2.4.18 (Ubuntu)
mod_jk/1.2.41
OpenSSL/1.0.2g-fips configured -- resuming normal
operations
[Mon Aug 15 19:13:45.265879 2016] [core:notice] [pid
2705:tid
140547327522688] AH00094: Command line:
'/usr/sbin/apache2'
[Tue Aug 16 20:12:44.384947 2016] [mpm_event:notice]
[pid 2705:tid
140547327522688] AH00491: caught SIGTERM, shutting down
On Tue, Aug 16, 2016 at 6:46 PM, Rodrigo Cunha
<rodrigo.root...@gmail.com
<mailto:rodrigo.root...@gmail.com>>
wrote:
execute
cat /var/log/apache2/error.log
and post stdout
2016-08-16 19:26 GMT-03:00 R
<bittransfer2...@gmail.com
<mailto:bittransfer2...@gmail.com>>:
Hi,
I've installed apache on my Ubuntu 16.04
machine as follows:
sudo apt-get install apache2
and it works fine. It does not restart on its
own though after a reboot.
Are there other Ubuntu 16.04 users that have
it restarting on reboot?
Thanks
--
Atenciosamente,
Rodrigo da Silva Cunha
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose
registered office is 215 Euston Road, London, NW1 2BE.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.