Will a graceful reload of Apache configuration require the SSL Cert password?

Solution 1

No. SSL certificates are only reloaded on a full restart, not a graceful one.

This means you won't need to re-enter the password on a reload/graceful, and also means that changes to the certificates/new certificates/etc require a full restart to take effect.

Solution 2

Because there is a bit of confusion about full restart and graceful restart, I must say that

apachectl restart

Fully restarts the server but that is not gracefully done. This means that current connections are aborted.

What you want to achieve can be done gracefully with:

apachectl graceful

Both methods reload the certificates.

Which does a full Apache restart, but the active connections are not aborted. It does not accept new connections until the current ones finish processing and restarts after that.

In conclusion, both restart and graceful do a full Apache restart, but graceful does not abort connections; it waits for them to be closed, then it restarts.
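
A pre-flight check for the situation in the question, added here as an example and not part of the original answers: it refuses to run apachectl graceful while any key named by SSLCertificateKeyFile is passphrase-protected or unreadable, then compares the served certificate with the one on disk to show whether the reload picked it up. The function names are this example's own, and it assumes every relevant directive is in the config files passed in (Include is not followed) and that paths contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original page); all paths are supplied by the caller.

# Succeeds if the PEM private key file is passphrase-protected:
# PKCS#8 ("ENCRYPTED PRIVATE KEY") or traditional ("Proc-Type: 4,ENCRYPTED").
key_is_encrypted() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print every key path named by SSLCertificateKeyFile in the given config files.
# Directive names are case-insensitive; commented-out lines do not match.
list_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$@"
}

# Print how many keys are encrypted or unreadable; details go to stderr.
count_blocking_keys() {
    n=0
    for key in $(list_key_files "$@"); do
        if [ ! -r "$key" ]; then
            echo "cannot read (treated as blocking): $key" >&2; n=$((n + 1))
        elif key_is_encrypted "$key"; then
            echo "passphrase-protected: $key" >&2; n=$((n + 1))
        fi
    done
    echo "$n"
}

# SHA-256 fingerprint of a certificate file on disk.
disk_fingerprint() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }

# SHA-256 fingerprint of the certificate the running server presents.
served_fingerprint() {   # usage: served_fingerprint host port
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Reload only if no key blocks it, then check the live certificate.
reload_and_verify() {    # usage: reload_and_verify conf cert host port
    if [ "$(count_blocking_keys "$1")" -ne 0 ]; then
        echo "encrypted or unreadable key configured; not reloading" >&2; return 2
    fi
    apachectl configtest || return 3
    apachectl graceful || return 4
    sleep 2   # give the new workers a moment to start
    [ "$(disk_fingerprint "$2")" = "$(served_fingerprint "$3" "$4")" ]
}
```

Source the file and call reload_and_verify as a user that can read the key files; a non-zero status from the final comparison means the server is still presenting a certificate other than the one on disk.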

Author: Colin K

Updated on September 18, 2022

Comments

  • Colin K over 1 year

    I have an Apache server running that required a minor configuration update. I want to force Apache to reload the config (e.g. via /etc/init.d/httpd reload or apachectl graceful), but I do not possess our SSL cert passwords. The admin who has the passwords is not available right now.

    If I gracefully reload the apache config, will the SSL certificates need the password again? Or does that only happen during a full restart of the server?

  • rustyx over 7 years
    I don't know if anything has changed, but at least on httpd 2.4.20, apachectl graceful as well as SIGHUP do cause a reload of SSL certificates.
  • Dennis about 7 years
    A graceful restart is not the same as a reload. The former just waits for all child processes to exit gracefully before restarting.
  • Nicolás about 6 years
    @Dennis They are the same; "/etc/init.d/apache2 reload" runs "apachectl -k graceful".
  • Lucas Werkmeister almost 6 years
    And to answer the question, it seems that apachectl graceful does reload the certificates – at least it did in my case (though my certificates are not password-protected).
  • Palec about 2 years
    "It does not accept new connections until the current ones finish processing and restarts after that." This is wrong, according to the docs. Only the old workers do not accept new connections, but the new workers replace the old ones one by one, as the old ones die. httpd.apache.org/docs/2.2/stopping.html