Let's Encrypt in combination with HTTPD 2.4.25 and HTTP/2

zuijberknaf

Hello,

Every time a new certificate is generated via the DirectAdmin Let's Encrypt module the httpd 2.4.25 fails to reload/restart. The server seems to be running, but is not responding anymore.

A manual command-line restart solves the issue, but that is not a solution in combination with the automatic generation of SSL certificates.

Solutions are welcome, because I'm out of ideas. Disabled the functionality for the time being.
 
Did you have this problem before upgrading to Apache 2.4.25, or does it only happen when using Apache 2.4.25?
 
Hello,

I did some additional digging on two different servers with the same behaviour. The generation of the certificate goes fine, but the restart/reload hangs. A manual restart works without a problem. Something at the end of the generation process seems to go wrong. Logs don't provide me any additional information. The server keeps running, but stops processing requests until the manual restart. The problem occurs only in relation to Let's Encrypt; a manual restart of a service via the DA panel works fine.

The problem occurs on the following two configurations. Older configurations don't show this behaviour.

CentOS 7.3 - PHP-FPM 5.6/7.0 - Apache httpd 2.4.25 HTTP/2
CloudLinux 7.3 - Multiple PHP versions - Apache httpd 2.4.25 HTTP/2
 
If you do a manual httpd restart after that? (So yes, and it is working then; same here.)

Because after updating Apache to 2.4.25 and letsencrypt to 1.04 we also have problems.
Only restart works, reload does not!
DirectAdmin Apache reload: httpd reload doesn't load certificates correctly after updating letsencrypt from 1.0.3 to the latest version 1.0.4 and Apache from version 2.4.23 to 2.25


Only httpd restart loads them correctly, so https sites (maybe only with the http2 function from here http://forum.directadmin.com/showthread.php?t=52590 ??) don't work after a httpd reload.
Every cron job or update that does a httpd reload therefore breaks https sites; the manual httpd reload from the DA control panel also breaks it.

See the following link here in the forum; I don't know whether it's the http2 option or custombuild or????
http://forum.directadmin.com/showthread.php?t=54170&p=277735#post277735

CentOS 7, for example, does graceful restarts by default as a httpd reload (this also depends on the DA config)!
So it is probably going wrong with a graceful restart too! (Here it is going wrong!) (I just edited the da.conf, putting graceful restarts =0, but I am not sure this is working for now?)

CentOS 7, only 1 PHP 5.6 FPM, http/2, Apache 2.4.25, letsencrypt 1.04, Custombuild 2.0.0 (rev: 1630)

Using for updates here the Custombuild GUI API (Update) plugin from MB Martynas IT (SMTALK); you also?

Maybe it works if some of these steps are repeated with the latest OpenSSL?
Also note that there is a version 1.0.2k https://www.openssl.org/news/cl102.txt or the 1.0.2.j?
http://forum.directadmin.com/showthread.php?t=52590 But Apache 2.4.25 has many HTTP/2 changes, so!?
 
I do not have any problems after testing with Apache 2.4.25. I am running CentOS 7.3, Apache 2.4.25, Letsencrypt 1.04, PHP 7.0.14 + mod_ruid2

Apache reloads correctly after installing a new Let's Encrypt certificate, and I see no problems.

I am not using http2, and only using the default openssl from CentOS. So maybe that is the difference that gives you others the trouble? Also I am only running ONE php version.
 
Yea:

The HTTP/2 and maybe using the GUI Custombuild update script are the different parts we use, as also
@zuijberknaf is using HTTP/2.

So take care of this when so, while after every Tally and other actions where HTTPD reloads, HTTPS sites are then unavailable! (With an HSTS policy this is then a real problem.)
 
Hi,

I have exactly the same issue with 2 servers running Debian, Apache 2.4.25, php-fpm56, php-fpm70 and http/2.
The command "service httpd reload" hangs the SSL sites.

The other servers without http/2 are working correctly with apache 2.4.25

Dan
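
One way to catch the failure described in this thread automatically, as an added example that is not from any poster or from DirectAdmin: after `service httpd reload`, compare the certificate actually served with the one on disk, and fall back to a full restart if the TLS handshake hangs or the old certificate is still served. Host, port and certificate path are supplied by the caller (assumptions), and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: post-renewal check for the "reload hangs HTTPS" symptom.
# Host, port and certificate path are caller-supplied; function names are hypothetical.

# SHA-256 fingerprint of the (first) PEM certificate in a file on disk.
disk_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate served for host $1 on port $2.
# Prints nothing if the handshake fails or hangs for more than 10 seconds.
served_fp() {
    timeout 10 openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Classify the result: "ok", "stale" (a different cert is served) or "down".
verdict() {
    local on_disk="$1" served="$2"
    if [ -z "$served" ]; then
        echo down
    elif [ "$served" = "$on_disk" ]; then
        echo ok
    else
        echo stale
    fi
}

# Reload, verify, and fall back to a full restart if verification fails.
# Returns non-zero if the site is still not serving the on-disk certificate.
reload_and_verify() {
    local host="$1" port="$2" cert="$3" result
    service httpd reload
    sleep 2
    result=$(verdict "$(disk_fp "$cert")" "$(served_fp "$host" "$port")")
    if [ "$result" != ok ]; then
        logger -t cert-reload "httpd reload left $host:$port '$result'; doing full restart"
        service httpd restart
        sleep 2
        result=$(verdict "$(disk_fp "$cert")" "$(served_fp "$host" "$port")")
    fi
    echo "$result"
    [ "$result" = ok ]
}
```

Call `reload_and_verify <host> 443 <path-to-cert.pem>` from whatever hook runs after renewal; a non-zero exit after the restart fallback is worth alerting on, particularly for sites that send HSTS.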
 