1
1
Are there any directives or constructs I can use in Apache 2.4 to prevent Apache from failing to load at all if a certificate file is missing for an https Virtualhost is missing.
(I am dealing with a process that - on a remote system - creates a configuration file and pushes it to Apache. The issue is that a secure certificate may not have been generated for all the hosts, and I don't want this to cause apache not to start).
Ideally I'd like something which effectivity says "If this file exists, load this virtualhost", or, if it needs to be done within a virtualhost "If file exists, use these directives/files, else use default directives/file" - but I've been unable to find any reference to a way to do this.
davidgo
Posted 2018-07-25T21:36:40.190
Reputation: 49 152
Could you adjust the script so a holding cert is always present in the event one doesn't generate? – Paul – 2018-07-26T01:13:47.120
Unfortunately this is not an option as the same config file is pushed to multiple servers with different active hosts, and the server generating it can't (as set up) see what certs are available. – davidgo – 2018-07-26T01:17:59.977
1(I appreciate I am not answering your specific question but I also cannot see a way to do it) Once the config file is pushed, apache must need to do a reload to fail because of missing certs. The process that triggers the reload could do an apache config test first, and populate missing certs where needed? – Paul – 2018-07-26T02:32:12.413
@Paul I'm reluctantly contemplating something of this nature - but I don't like it - ie find all the Certificate files in the config and ensure they exist. – davidgo – 2018-07-26T02:35:02.077
apachectl configtestwill do this for you, then you can parse the output to either automatically address issues, or alert you that something isn't right – Paul – 2018-07-26T02:39:59.980Thank you for the thought. I just tested it, and disappointingly discovered it only prints the first missing file – davidgo – 2018-07-26T02:44:16.280
Oh. Well that is crap! That would mean a loop testing and fixing which falls into the category of heading in the wrong direction in my book. – Paul – 2018-07-26T02:51:10.943