[v2,3/3] generate ECDSA certificate and key on existing installations
Commit Message
Generate ECDSA certificate and key file on existing installations
via the update.sh script.
This is required since Apache crashes if some Certificate(Key)File
directives point to non-existing files:
Restarting Apache daemon...
Syntax error on line 17 of /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf:
SSLCertificateFile: file '/etc/httpd/server-ecdsa.crt' does not exist or is empty
Key generation only takes a few seconds even on legacy systems. Also
existing installations will then use ECDSA/RSA certificate dual-stack.
Changes from v1: Use the httpscert script (never repeat yourself) and restart
Apache afterwards to load the changes.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
@@ -35,6 +35,7 @@ done
openvpnctrl -k
openvpnctrl -kn2n
+
# Extract files
extract_files
@@ -44,10 +45,13 @@ ldconfig
# Update Language cache
#/usr/local/bin/update-lang-cache
+# generate ECDSA certificate and key file to prevent Apache from crashing on existing installations
+/usr/local/bin/httpscert
+
# Start services
openvpnctrl -s
openvpnctrl -sn2n
-
+/etc/init.d/apache restart
# This update need a reboot...
#touch /var/run/need_reboot