Generate ECDSA certificate and key file on existing installations via the update.sh script.
This is required since Apache crashes if some Certificate(Key)File directives point to non-existing files:
Restarting Apache daemon... Syntax error on line 17 of /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf: SSLCertificateFile: file '/etc/httpd/server-ecdsa.crt' does not exist or is empty
Key generation only takes a few seconds even on legacy systems. Also existing installations will then use ECDSA/RSA certificate dual-stack.
Changes from v1: Use the httpscert script (never repeat yourself) and restart Apache afterwards to load the changes.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- diff --git a/config/rootfiles/core/115/update.sh b/config/rootfiles/core/115/update.sh index e0ee121ce..afeeca14a 100644 --- a/config/rootfiles/core/115/update.sh +++ b/config/rootfiles/core/115/update.sh @@ -35,6 +35,7 @@ done openvpnctrl -k openvpnctrl -kn2n
+ # Extract files extract_files
@@ -44,10 +45,13 @@ ldconfig # Update Language cache #/usr/local/bin/update-lang-cache
+# generate ECDSA certificate and key file to prevent Apache from crashing on existing installations +/usr/local/bin/httpscert + # Start services openvpnctrl -s openvpnctrl -sn2n - +/etc/init.d/apache restart
# This update need a reboot... #touch /var/run/need_reboot