0

My server has lots of virtualhosts, many client's domains come and go pretty frequently, and sometimes it's difficult to act quickly, finding the culprit (usually a dismissed domain) and restart apache without errors. For example last night apache restarted but there was an error in the log file of one of the virtualhosts:

[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate

I deleted the virtualhost and apache restarted, but I would prefer if such events could throw only warnings and not prevent apache from restarting, I'm wondering if there's some option for ignoring those.

user1967184
  • 1
  • 2
    This is the XY problem - if a client's domain is retired it should be removed. And if it hasn't been removed you won't get these errors anyway. – symcbean Jun 15 '23 at 08:30

1 Answers1

2

A missing TLS certificate / private key is a hard configuration error that Apache httpd can't ignore or resolve gracefully (for example by using a built-in default).

Only lower level configuration errors, the ones that result in warnings with[warn] or [notice] priorities, can be ignored won't prevent Apache httpd from starting. (for example a "[warn] server certificate CommonName (CN) `www.example.com' does NOT match server name" )

If your work-flow is prone to result in such inconsistencies:

  1. Improve/automate your work-flow to avoid those

  2. Train yourself to run something like apachectl configtest after making changes

  3. Add such a apachectl configtest test result in your monitoring and alerting so you get warned before a configuration error becomes a problem.

HBruijn
  • 77,029
  • 24
  • 135
  • 201