Koozali.org: home of the SME Server

SME10 frequently generates new ssl.crt and ssl.pem

Offline uli334

  • ***
  • 119
  • +0/-0
SME10 frequently generates new ssl.crt and ssl.pem
« on: April 23, 2022, 07:26:17 AM »
Hello,

within two weeks my SME10 has automaticly generatet new ssl.crt and ssl.pem.
I assume its after a reboot. Is that possible?
Its annoying because i use nextcloud connected to some devices.

But there is a special feature with my sme: i have extended the validness of the certificates up to 1826 days, as i did also on sme9.2:
Created a custom template:
    - mkdir /etc/e-smith/templates-custom/home/
    - mkdir /etc/e-smith/templates-custom/home/e-smith/
Then:
    - cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt
In this template i changed "KEYLIFEINDAYS" to "1826"

Shut up with:
- rm /home/e-smith/ssl.crt/myserver.crt
- rm /home/e-smith/ssl.key/myserver.key
- rm /home/e-smith/ssl.pem/myserver.pem

- signal-event post-upgrade
- signal-event reboot

On SME 9.2 this functions without problems. Can this be the reason for often generating new certificates?

Greetings, Uli

Offline Jean-Philippe Pialasse

  • *
  • 2,166
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: SME10 frequently generates new ssl.crt and ssl.pem
« Reply #1 on: April 23, 2022, 04:01:20 PM »
what is the configuration of your sme?
gateway? server only?

what kind of wan connection? The ssl self signed cert include now all domains, sme local hosts and ip. 
Whenever you alter one of them the cert will get generated again.