https://bz.apache.org/bugzilla/show_bug.cgi?id=65860
--- Comment #3 from Stefan Eissing <ic...@apache.org> ---
This will be hard to analyze. Let me explain:

When a certificate for xxx.com is renewed:
- $server_root/md/domains/xxx.com contains the working certs
- $server_root/md/staging/xxx.com contains all about the renewal

If the server reloads, it checks "staging/*" for complete file sets. When that indicates success, it
- *creates* and *copies* a "tmp/xxx.com". The copy really parses key and certificates and PEM serializes them again
- it *moves* the whole dir "domains/xxx.com" to "archive/xxx.com.N" to preserve the old file set
- then it *moves* "tmp/xxx.com" to "domains/xxx.com".
- then it *deletes* "staging/xxx.com"

This is all done so that no interruption will produce a "half-updated" set of files where things do not match.

In Apache httpd 2.4.49 the test for matching key and certificate was added during activation of a staging area to make sure mod_md never activates a set of files that do not match.

You see, considerable thought has gone into avoiding the thing you experienced. Especially with 2.4.49 or newer, the server should never load a cert+key that do not match, even if something was messed up in the "staging" subdir.

Any thoughts? Otherwise I think we need to close this as not reproducible.
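
An operator can run the same kind of key/certificate match test against the active file sets under "domains/" from outside the server. The script below is an added example, not mod_md code and not part of the comment above; the file names `pubcert.pem` and `privkey.pem` are assumptions, and the `good.example` / `bad.example` store is constructed test data.

```shell
#!/bin/sh
# Added example (not mod_md code). Assumption: each store directory holds
# pubcert.pem and privkey.pem; adjust the names if your store differs.

# Exit 0 if cert and key in directory $1 share a public key, 1 on a
# mismatch, 2 if either file is missing or cannot be parsed.
md_pair_matches() {
    cert_pub=$(openssl x509 -in "$1/pubcert.pem" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout -passin pass: 2>/dev/null </dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# Audit every directory under <md store>/domains; print one line per
# domain and return 1 if any pair does not match.
md_store_audit() {
    bad=0
    for d in "$1"/domains/*/; do
        [ -d "$d" ] || continue
        md_pair_matches "${d%/}" && rc=0 || rc=$?
        case $rc in
            0) echo "MATCH      ${d%/}" ;;
            1) echo "MISMATCH   ${d%/}"; bad=1 ;;
            *) echo "UNREADABLE ${d%/}" ;;
        esac
    done
    return $bad
}

# Build a constructed store for demonstration: good.example has a matching
# pair, bad.example has a certificate paired with an unrelated key.
make_constructed_store() {
    root=$(mktemp -d) || return 1
    for name in good.example bad.example; do
        mkdir -p "$root/domains/$name"
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
            -keyout "$root/domains/$name/privkey.pem" \
            -out "$root/domains/$name/pubcert.pem" 2>/dev/null || return 1
    done
    # Swap in the other domain's key to simulate a mismatched file set.
    cp "$root/domains/good.example/privkey.pem" "$root/domains/bad.example/privkey.pem"
    echo "$root"
}
```

Source the file and call `md_store_audit "$server_root/md"`; a non-zero exit status means at least one active domain directory holds a certificate and key that do not belong together.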