From: "Lewis G Rosenthal"
Subject: Re: [eCS-ISP] SSL certs & apache 2.4.61
To: eCS ISP Mailing List
Organization: Rosenthal & Rosenthal, LLC
Message-ID: <6700A8C8.5080704@2rosenthals.com>
Date: Fri, 4 Oct 2024 22:47:36 -0400

Hi...

On 10/04/24 04:37 pm, Steven Levine wrote:
> In , on 10/04/24
>    at 01:58 PM, "Lewis G Rosenthal" said:
>
> Hi,
>
>> I don't quite think that's getting to the heart of what Max is asking
>> (though it is the most correct approach).
> I chose to ignore Massimo's question as asked and chose to answer the
> question that he should have asked. :-)
>> What the actual question is (AFAICT) is whether there is a way to start
>> httpd without one or more (mis)configured vhosts. As an example, say I
>> have a server with 20 vhosts configured, and all but one get proper cert
>> updates, leaving that one site "broken." httpd will refuse to start, and
>> the other 19 vhosts are then also taken offline, just because of a
>> single failure. So, is there a way to force Apache to ignore the broken
>> vhost?
>> The answer, of course, is no, there is no magic option to pass to httpd
>> or put in the vhosts.conf (IF_NOT_BROKEN) to allow for such behavior.
>> However, it is not necessary to go to great lengths to script anything,
>> either.
> FWIW, it's relatively trivial to instrument the httpd conf files to start
> only a selected set of virtual hosts. Depending on the number of hosts,
> it might be easier to define the hosts not to be started.
>
> The basic logic in this case would be to define the hosts not to start in
> an environment variable. Let's say
>
> set HOSTS_NOT_TO_START=,foobar,
>
> Each virtual host definition would be wrapped in and directive
>
>
>
> ServerName foobar
> ...
>
>
>
> The commas make it easier to avoid false positives.
>

Surely, that should work as well as my approach to move the conf to an
alternate directory, though ISTR some issue with checking variables in
conf files where the variable does not exist (faded memory from
something we were testing a couple decades ago, so perhaps I'm
misremembering). This might complicate "off-the-cuff" startup of the
daemon (but again, so would broken SSL configurations, so...)...

> Of course trivial though it might be, the httpd conf edits are
> sufficiently tedious so that I will continue to use httpd -t.
>

As I said, that is the correct way to do this.

-- 
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
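
Added example, not part of the original message or of anyone's code in this thread: a POSIX sh script for the move-the-conf-aside approach Lewis mentions, to be run before `httpd -t`. The one-vhost-per-file layout, the two directory arguments, absolute certificate paths and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: one vhost per *.conf file
# in an "enabled" directory that httpd.conf includes, plus a holding directory
# that it does not include. Certificate paths are assumed to be absolute.

# Print the path argument of each SSLCertificateFile / SSLCertificateKeyFile line.
cert_paths() {
    awk 'tolower($1) == "sslcertificatefile" || tolower($1) == "sslcertificatekeyfile" {
        sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the directive name
        sub(/[ \t\r]+$/, "")              # drop trailing whitespace / CR
        gsub(/"/, "")                     # drop optional quotes
        print
    }' "$1"
}

# Succeed only if every referenced cert/key file exists, is non-empty and readable.
# The body runs in a subshell so "exit 1" never terminates the calling script.
vhost_certs_ok() (
    cert_paths "$1" | while IFS= read -r path; do
        [ -s "$path" ] && [ -r "$path" ] || exit 1
    done
)

# Move each vhost conf with a missing cert or key into the holding directory and
# print the name of every file moved, so the remaining vhosts can still start.
quarantine_broken_vhosts() {
    enabled=$1
    disabled=$2
    mkdir -p "$disabled"
    for conf in "$enabled"/*.conf; do
        [ -e "$conf" ] || continue
        if ! vhost_certs_ok "$conf"; then
            mv "$conf" "$disabled"/ && basename "$conf"
        fi
    done
}

# Usage: script ENABLED_DIR HOLDING_DIR, then run "httpd -t" before starting httpd.
if [ "$#" -eq 2 ]; then
    quarantine_broken_vhosts "$1" "$2"
fi
```

This only checks that the referenced files are present; `httpd -t` remains the check for the configuration as a whole.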