From 87aac867820dc204c015cb71ec3148604998ea3b Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Mon, 16 Sep 2024 13:41:29 -0700 Subject: [PATCH] apache: Don't restart daemon when changing certificates Fixes: #2271 When domain name is updated, it usually results in a error page as the HTTP connection is broken in the middle of a page load. This is due to apache restarting in the middle of domain change operation by letsencrypt component. This also leads to several functional tests failing. To fix this, ensure that letsencrypt does a reload on the apache2 daemon instead of restarting it. 'reload' operation on apache2 triggers the command 'apachectl graceful'. It ensures that currently running continue to serve the open HTTP connection until the page load has been completed. After that those connections stop. Meanwhile, the server reloads configuration (and apparently the related TLS certificates too). Tests: - Unit tests pass. - When self-signed certificate is updated with 'make-ssl-cert generate-default-snakeoil --force-overwrite' and 'systemctl try-reload-or-restart apache2' is called, the new certificate is loaded by apache2. Browser shows the untrusted certificate warning again. The certificate information in the connection details has been updated. Signed-off-by: Sunil Mohan Adapa Reviewed-by: Veiko Aasa
---
 plinth/modules/apache/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plinth/modules/apache/__init__.py b/plinth/modules/apache/__init__.py
index 628f7fc7b..14bde4e3a 100644
--- a/plinth/modules/apache/__init__.py
+++ b/plinth/modules/apache/__init__.py
@@ -55,7 +55,7 @@ class ApacheApp(app_module.App):
 self.add(freedombox_ports)
 letsencrypt = LetsEncrypt('letsencrypt-apache', domains='*',
- daemons=['apache2'])
+ daemons=['apache2'], reload_daemons=True)
 self.add(letsencrypt)
 daemon = Daemon('daemon-apache', 'apache2')
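Review bot: The new `reload_daemons=True` argument on the `LetsEncrypt('letsencrypt-apache', ...)` call has no comment recording its security trade-off. A graceful reload lets existing connections finish under the previous certificate and key, and the commit message itself only says the certificates are "apparently" re-read. I would add above the call something like `# Reload, not restart: open connections survive a certificate change, but old workers keep serving the previous certificate until they exit.` That window matters most when a certificate is replaced because its key is no longer trusted, so it is worth confirming whether that path should still force a full restart, and whether a reload that fails is reported rather than silently leaving the old certificate in service. How the `LetsEncrypt` component acts on `reload_daemons` is not visible here, and the enclosing method of `ApacheApp` starts and ends outside the hunk.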