apache: Don't restart daemon when changing certificates

Fixes: #2271 (closed)

When domain name is updated, it usually results in an error page as the HTTP connection is broken in the middle of a page load. This is due to apache restarting in the middle of domain change operation by letsencrypt component. This also leads to several functional tests failing. To fix this, ensure that letsencrypt does a reload on the apache2 daemon instead of restarting it.

'reload' operation on apache2 triggers the command 'apachectl graceful'. It ensures that currently running continue to serve the open HTTP connection until the page load has been completed. After that those connections stop. Meanwhile, the server reloads configuration (and apparently the related TLS certificates too).

Tests:

  • Unit tests pass.
  • When self-signed certificate is updated with 'make-ssl-cert generate-default-snakeoil --force-overwrite' and 'systemctl try-reload-or-restart apache2' is called, the new certificate is loaded by apache2. Browser shows the untrusted certificate warning again. The certificate information in the connection details has been updated.

Signed-off-by: Sunil Mohan Adapa sunil@medhas.org
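
The second test above can be automated by comparing the fingerprint of the certificate on disk with the one apache2 presents after the reload. This is an added example, not part of the merge request: the certificate path (Debian's ssl-cert default), `localhost:443` and all function names are assumptions, and the two sample PEM strings are constructed stand-ins rather than real certificates.

```python
import hashlib
import ssl

# Assumptions: Debian's ssl-cert default path and a local apache2 on port 443.
SNAKEOIL_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
SERVER = ("localhost", 443)

_BEGIN = "-----BEGIN CERTIFICATE-----"
_END = "-----END CERTIFICATE-----"

# Constructed stand-ins (base64 of "old-cert" / "new-cert"), not real X.509 data.
SAMPLE_OLD_PEM = f"{_BEGIN}\nb2xkLWNlcnQ=\n{_END}\n"
SAMPLE_NEW_PEM = f"{_BEGIN}\nbmV3LWNlcnQ=\n{_END}\n"


def pem_fingerprint(pem_text):
    """Return the SHA-256 hex digest of the first certificate in pem_text."""
    start = pem_text.index(_BEGIN)  # raises ValueError if no certificate is present
    end = pem_text.index(_END, start) + len(_END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def reload_picked_up(disk_pem, served_pem):
    """True when the server presents the same certificate that is on disk."""
    return pem_fingerprint(disk_pem) == pem_fingerprint(served_pem)


def check_live(cert_path=SNAKEOIL_CERT, server=SERVER):
    """Compare the file at cert_path with what the server presents right now."""
    with open(cert_path, encoding="ascii") as handle:
        disk_pem = handle.read()
    # No ca_certs are passed, so the chain is not validated and a
    # self-signed certificate is fetched without error.
    served_pem = ssl.get_server_certificate(server)
    return reload_picked_up(disk_pem, served_pem)


if __name__ == "__main__":
    ok = check_live()
    print("apache2 serves the on-disk certificate" if ok
          else "apache2 still serves a different certificate")
    raise SystemExit(0 if ok else 1)
```

Run it after 'systemctl try-reload-or-restart apache2'; a non-zero exit status means the running server has not loaded the certificate that is on disk.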
