I am having trouble updating the certificate.
SME server automatically generates a new certificate before the old one expires. However, the new certificate isn't used until you restart some services (or reboot the system):
http://bugs.contribs.org/show_bug.cgi?id=2257I host three domains on this box, but only the primary site has need for a certificate.
There's no way to use a certificate for some domains and not others (unless your visitors just don't happen to use https for the other domains).
When this machine was running SME 6 I used the how-to from Swerts-Knudsen, ...
That probably wasn't necessary.
and I wonder if I need to clean out the old cruft in order to straighten this out.
Possibly.
2. Does SME 7.3 support more than one cert per IP address?
SSL doesn't allow more than one cert per IP address, period.
3. Do I need one cert for each top level domain?
You can only use a different cert per domain if you have a different IP address per domain (and SME doesn't support that configuration).
4. Is there an update process I should follow?
This procedure will delete any existing certificates and generate new self-signed certificates for all services which use SSL. Use at your own risk (and backup first):
config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile
/bin/rm /home/e-smith/ssl*/*
signal-event post-upgrade
signal-event reboot
But reboot first - maybe you have a non-expired certificate and it's just not being used yet.
And secondly, report anything which doesn't "just work" via the bug tracker.
2 Replies
4256 Views