diff mbox series

[v2,3/3] generate ECDSA certificate and key on existing installations

Message ID 20171004213820.125b7aae.peter.mueller@link38.eu
State Superseded
Headers
Series [v2,1/3] add ECDSA key generation to httpscert |

Commit Message

Peter Müller Oct. 5, 2017, 6:38 a.m. UTC 
  Generate ECDSA certificate and key file on existing installations
via the update.sh script.

This is required since Apache crashes if some Certificate(Key)File
directives point to non-existing files:

Restarting Apache daemon...
Syntax error on line 17 of /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf:
SSLCertificateFile: file '/etc/httpd/server-ecdsa.crt' does not exist or is empty

Key generation only takes a few seconds even on legacy systems. Also
existing installations will then use ECDSA/RSA certificate dual-stack.

Changes from v1: Use the httpscert script (never repeat yourself) and restart
Apache afterwards to load the changes.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>

---
diff mbox series

Patch

diff --git a/config/rootfiles/core/115/update.sh b/config/rootfiles/core/115/update.sh
index e0ee121ce..afeeca14a 100644
--- a/config/rootfiles/core/115/update.sh
+++ b/config/rootfiles/core/115/update.sh
@@ -35,6 +35,7 @@  done
 openvpnctrl -k
 openvpnctrl -kn2n
 
+
 # Extract files
 extract_files
 
@@ -44,10 +45,13 @@  ldconfig
 # Update Language cache
 #/usr/local/bin/update-lang-cache
 
+# generate ECDSA certificate and key file to prevent Apache from crashing on existing installations
+/usr/local/bin/httpscert
+
 # Start services
 openvpnctrl -s
 openvpnctrl -sn2n
-
+/etc/init.d/apache restart
 
 # This update need a reboot...
 #touch /var/run/need_reboot