Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 21-Jan-2025 07:26:58 JST feld
Apache's mod_md (automatically gets certs like Caddy) works pretty well - Another Linux Walt Alt likes this.
-
Embed this notice
Pissed Hippo (sun@shitposter.world)'s status on Tuesday, 21-Jan-2025 07:27:29 JST Pissed Hippo
@feld are we back to using apache again -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 21-Jan-2025 07:27:57 JST feld
@sun it has features I can't get elsewhere Pissed Hippo likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 21-Jan-2025 07:41:30 JST feld
@i And some modules have features missing intentionally requiring you get the non-free version -
Embed this notice
:blank: (i@declin.eu)'s status on Tuesday, 21-Jan-2025 07:41:32 JST :blank:
@feld too bad nginx has a dozen unmaintained modules instead of something usable, even though forks like angie manage to maintain theirs just fine -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 21-Jan-2025 08:14:03 JST `Da Elf
@feld @i
I'm old Apache, I want to like ngenix, and I don't.feld likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 21-Jan-2025 13:36:24 JST feld
@smortex yeah looks like the trick is to set MDNotifyCmd to something that will reload or restart the service (is a reload sufficient?) -
Embed this notice
Romain Tartière 😈 (smortex@mamot.fr)'s status on Tuesday, 21-Jan-2025 13:36:26 JST Romain Tartière 😈
@feld 💯
I guess that the only thing that could be better is that the service take new certificates into account automagically instead of saying that a service restart is required in the logs.
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 21-Jan-2025 13:43:31 JST feld
@smortex Did anyone give a good reason why it requires manual intervention like this? The ability to notify on events with a command is potentially very useful but requiring it to make the new cert active is very weird -
Embed this notice
Romain Tartière 😈 (smortex@mamot.fr)'s status on Tuesday, 21-Jan-2025 13:43:33 JST Romain Tartière 😈
@feld Yep! There is also MDMessageCmd which is newer and offer more flexibility. I have yet to switch to it, for now I `/usr/local/bin/sudo /usr/sbin/service apache24 graceful` but the doc says that a reload will do the right thing (maybe it was not the case or at least not documented when I setup mod_md almost 5 years ago).