Mod_md and Subdomain: '503 Service Unavailable' for now

bad assumption

2 Likes

Can't you just reload, like systemctl reload httpd?

A reload is usually enough to have Apache pick up new cert files

2 Likes

Didn't make that assumption.

And now we're just bickering so I'm done.

MikeMcQ sure... but that's manual. I need this automatic because I have a million other things to do.

1 Like

I don't bicker - I'm generally just sarcastic :upside_down_face:

Cheers from Miami :beers:

2 Likes

I'm only 5 behind you at 63 years. :slight_smile:

You could reload as a cron too. It doesn't take down Apache like a restart does, which is what I should have made clear.

1 Like

True, but reload just does not interrupt pending requests. I don't expect any requests to my real estate development company at 01:00 Sunday morning, and I like it better to make a whole fresh start. Personal choice, but anyone can choose differently.

1 Like

And now the lawyer kicks in...
You clearly sent an emoji that should have been understood ... yet it wasn't.
Because?
You assumed it would be understood?
But it wasn't.
Why?
Because English is not his native language? [who knows]
In any case, you [maybe NOT assumed, but] thought/expected he would get it.

I didn't even get it - and English is my first language!
LOL

2 Likes

Understood. You phrased it like a restart was required and a disadvantage. But if it works for you, of course that's fine.

You could do a reload daily if you want to pick up fresh certs earlier and do the restart weekly.

2 Likes

Is a restart required?
Wouldn't a reload do the same trick?

1 Like

MikeMcQ no need to reload/start daily as mod_md renews 30 days before expiry so there's plenty of time. Again, this was my intentional personal and informed choice for network hygiene.

And Bruce5051, ah you're just a kid. I still feel and act like I'm 30 and have no intention of changing that.

2 Likes

Excellent! :slight_smile:

2 Likes

May we all be so fortunate!
[or brave/willing to do so]

2 Likes

You can even block off all port 80 activity and have your certs automatically renewed if you change your virtual-servers to
Protocols h2 http/1.1 acme-tls/1
... with one other change ...

... but, although I'm an enterprise infosec type for 24 years and long to close 80, this is just a leetle out of my comfort zone for now.

2 Likes

rg305 I've been taking an anti-aging compound for 30 years. (aminoguanidine) You can only get the pure stuff from a chemical company. Very powerful anti-oxidant. Oxidization is one of the three major causes of DNA damage and aging.

2 Likes

Dam!
I've been taking in only :beer: for the past 30 years - LOL

2 Likes

Well red wine has been my choice all my life... every day, enough to 'make a difference'. My liver has adapted to it. :j

2 Likes

Since we're sharing "things we've learned" over the years...
I "learned" that port 80 and port 443 are safer kept apart.
I run them on separate systems - each behind its own set of firewalls and proxies.
[but I'm the paranoid type]

2 Likes

When I move to France, I will join team wine!

The only thing [even remotely] close that I take daily is: L-Arginine
[not really close at all - but I'm not much into taking anything other than :beer: - LOL]

2 Likes

Now that 443 is practically ubiquitous I am tempted to close 80 as it is a vector for malware comms. But I'm edging closer now that mod_md can tolerate that.

1 Like