
apache2ctl configtest does not include checking SSL certificates

Today I renewed some of my SSL certificates and suddenly Apache2 was no longer starting. An apache2ctl configtest said all was fine. So I checked the log files but found that there was a configuration error, and I wonder why the two different messages can happen.

As it turned out, one of the PEM files only contained DH parameters and no real certificate. After I added the cert block from a backup, Apache2 started again. After renewing the certificate, I can access my SSL-secured website again (it is my personal #invidious proxy).

I wanted to share this with you, including !Friendica Admins, to save you a lot of time investigating it. So apache2ctl configtest does NOT check the validity of SSL certificates, but on startup of Apache2 they are checked.

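The failure described in the post above (a PEM file that holds only DH parameters passes apache2ctl configtest but stops Apache2 at startup) can be caught before a restart. The following is an added example, not part of the original post; the function names, the Debian-style /etc/apache2/sites-enabled default, and the assumption that SSLCertificateFile directives use absolute paths without spaces are mine.

```shell
#!/bin/sh
# Added example: pre-flight check of certificate files before restarting Apache2.
# Usage (assumed layout): check_apache_certs && apache2ctl configtest

# Return 0 only if the PEM file contains a certificate block that parses.
# A file that holds only DH parameters fails at the grep stage.
pem_has_cert() {
    pem=$1
    [ -r "$pem" ] || { echo "FAIL $pem: not readable" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "FAIL $pem: no CERTIFICATE block" >&2; return 1; }
    # If openssl is installed, also make sure the first certificate parses.
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -noout -in "$pem" 2>/dev/null || {
            echo "FAIL $pem: certificate does not parse" >&2; return 1; }
    fi
    return 0
}

# Print the files named by SSLCertificateFile directives under a config dir.
# -R follows the symlinks that sites-enabled normally consists of.
list_cert_files() {
    grep -RhiE '^[[:space:]]*SSLCertificateFile[[:space:]]+' "$1" 2>/dev/null |
        awk '{print $2}' | tr -d '"' | sort -u
}

# Check every referenced file; return non-zero if any of them is bad.
check_apache_certs() {
    conf_dir=${1:-/etc/apache2/sites-enabled}   # assumed default location
    bad=$(list_cert_files "$conf_dir" | while IFS= read -r f; do
        pem_has_cert "$f" || echo x
    done)
    [ -z "$bad" ]
}
```

Run it from the renewal script so a bad file is reported while the old Apache2 process is still serving.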

Also if using letsencrypt, "certbot certificates" is your friend.
@Adam I can do it similarly here: ./ friendica or any other name, as it is the same for the certificate file and the openssl-friendica.cnf file. I then need to restart the proper services, e.g. for mail I restart both Postfix and Courier.
I know I'm tired when I didn't even notice the body of your post as it contained a word that I have for folding them up... so I thought your post was just the title.

My reply wasn't all that helpful then. heh! Sorry about that.
@Hans Wolters I'm using a custom version of tiny-acme and my LE stuff is in /var/www/letsencrypt/ including shell scripts and the ACME client.