How to disable apachectl reload after every single renew?


#1

How can I renew multiple SSL certificates but do only one apachectl reload, at the end?

My domain is: angioni.nl

I ran this command: certbot renew

My web server is (include version): Apache 2.2 and test 2.4

The operating system my web server runs on is (include version): CentOS 6.5 and CentOS 7.5

My hosting provider, if applicable, is: KPN

I can log in to a root shell on my machine (yes or no, or I don’t know): yes


#2

certbot renew will attempt to renew all certs in one pass and if you use a --deploy-hook you can initiate the single apache reload (and it will only execute whenever a cert is actually renewed).


#3

When I use the --deploy-hook parameter, all (almost) expired certificates will be renewed without an Apache reload after each renewal? Only an Apache reload at the end, configured in the --deploy-hook?


#4

What authenticator and/or installer plugin is used? The apache plugin requires reloads for the authentication and/or installation tasks. Unfortunately, all the certificates use a “separate” instance of the plugin, so every cert will separately reload twice (or even thrice).

Using a hook will not tell the apache plugin not to reload. The reloading is required and the plugin doesn’t “pool” all the authentications or certs to minimise the reloading.

Why is reloading even an issue if I may ask?


#5

It’s the apache plugin. So what you are saying is that every single renewal will force an Apache reload? So when I have 30 sites and 30 almost expired sites, Apache will reload 30 times or more?


#6

Yes, as far as I know, that indeed is the case. However, a reload shouldn’t be thát problematic?

An alternative is not using an installer plugin, use the certonly mode with the webroot plugin, install the certificate manually and use the --deploy-hook as mentioned above.


#7

Great, I will take a look into that solution… THANX!!


#8

Solution solution, more like workaround. But hey, if it works, it works. :smile:


#9

I agree, Apache should be able to “gracefully” reload without any trouble.
Are you experiencing trouble on reload?


#10

A single reload is working perfectly. But on my server, I serve several sites (500) which are hosted on several backend servers, and it's problematic. Apache is only the frontend serving SSL and is the LoadBalancer. After 30 renews, Apache stopped reloading. When I take a look into the processes on Linux, I noticed that Apache was completely unloaded. I have to reboot the entire server to start Apache again.


#11

I would update to the latest version of Apache.
If it continues, then try, as @Osiris suggests, using certonly and just reload it once per day.
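
Added example, not part of the thread and not Certbot's own code: a hook script for the certonly/webroot setup suggested in #6 that turns any number of renewals into a single, config-checked Apache reload. Certbot runs a `--deploy-hook` once per renewed certificate and a `--post-hook` once per `certbot renew` run, so the deploy hook here only records the renewal and the post hook does the reload. The script path, `FLAG_FILE`, `CONFIGTEST_CMD` and `RELOAD_CMD` are assumptions made for this example.

```shell
#!/bin/sh
# Constructed example: coalesce many certificate renewals into one Apache reload.
# Assumed (hypothetical) install path: /usr/local/bin/certbot-apache-reload.sh
# Assumed usage, with certificates obtained via certonly + webroot:
#   certbot renew \
#     --deploy-hook "/usr/local/bin/certbot-apache-reload.sh deploy" \
#     --post-hook   "/usr/local/bin/certbot-apache-reload.sh post"

# All three settings are example names; override them via the environment.
FLAG_FILE="${FLAG_FILE:-/var/run/certbot-renewed.flag}"   # keep root-writable only
CONFIGTEST_CMD="${CONFIGTEST_CMD:-apachectl configtest}"
RELOAD_CMD="${RELOAD_CMD:-apachectl graceful}"

# Deploy hook: called once for each certificate that was actually renewed.
# It only records the lineage (certbot sets RENEWED_LINEAGE); no reload here.
mark_renewed() {
    printf '%s\n' "${RENEWED_LINEAGE:-unknown}" >> "$FLAG_FILE"
}

# Post hook: called once after all renewal attempts have finished.
# Reloads only if something was renewed and the configuration still parses.
reload_once() {
    [ -s "$FLAG_FILE" ] || return 0          # nothing renewed, nothing to do
    if ! $CONFIGTEST_CMD >/dev/null 2>&1; then
        # Keep the flag so the next run retries once the config is fixed.
        echo "configtest failed; Apache not reloaded" >&2
        return 1
    fi
    $RELOAD_CMD || return 1
    rm -f "$FLAG_FILE"
}

case "${1:-}" in
    deploy) mark_renewed ;;
    post)   reload_once ;;
esac
```

A non-zero exit from the post hook leaves the flag file in place, so a monitoring check on that file's age shows when renewed certificates are on disk but not yet served.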