ssl_crtd crash and restart squid often appears in old my squid3.2.3, after upgrade to 3.2.13. This situation continues, twice a day or so, but will not lead to restart. In my squid3.2.13 cache log, double ssl_crtd exited everytime: (ssl_crtd): Cannot create ssl certificate or private key. 2013/08/26 09:16:17 kid1| WARNING: ssl_crtd #2 exited 2013/08/26 09:16:17 kid1| Too few ssl_crtd processes are running (need 3/32) 2013/08/26 09:16:17 kid1| Starting new helpers 2013/08/26 09:16:17 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes (ssl_crtd): Cannot create ssl certificate or private key. 2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply 2013/08/26 09:16:18 kid1| WARNING: ssl_crtd #1 exited 2013/08/26 09:16:18 kid1| Too few ssl_crtd processes are running (need 3/32) 2013/08/26 09:16:18 kid1| Starting new helpers 2013/08/26 09:16:18 kid1| helperOpenServers: Starting 3/32 'ssl_crtd' processes 2013/08/26 09:16:18 kid1| "ssl_crtd" helper return <NULL> reply My Conf: http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem ssl_bump deny localhost #some site I don't want to ssl_bump ssl_bump deny brokenssldst ssl_bump deny denysslbumpsite ssl_bump allow all #some site with broken certificate, but I need to ssl_bump sslproxy_cert_error allow brokensslsite sslproxy_cert_error deny all sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/ssldb -M 4MB -b 4096 sslcrtd_children 32 startup=5 idle=3 #running another simple squid on localhost for local and another squid. cache_peer server1.***.*** parent 3129 0 no-query no-digest no-netdb-exchange # I allow ssl bumped connections through parrent proxy through modify forward.cc for myself. Because I think local to local is safe. nonhierarchical_direct off prefer_direct off #if those site I don't want to ssl_bump, must directly out. always_direct allow brokensslsite never_direct allow all I don't know why ssl_crtd exited, and how to set up debug level? I can't find any ssl_crtd debug level document. Related to allow ssl bumped connections through parrent proxy? -- Regards, John Xue