Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x => Topic started by: uli334 on April 23, 2022, 07:26:17 AM

Title: SME10 frequently generates new ssl.crt and ssl.pem
Post by: uli334 on April 23, 2022, 07:26:17 AM: Hello,

within two weeks my SME10 has automaticly generatet new ssl.crt and ssl.pem.
I assume its after a reboot. Is that possible?
Its annoying because i use nextcloud connected to some devices.

But there is a special feature with my sme: i have extended the validness of the certificates up to 1826 days, as i did also on sme9.2:
Created a custom template:
- mkdir /etc/e-smith/templates-custom/home/
- mkdir /etc/e-smith/templates-custom/home/e-smith/
Then:
- cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt
In this template i changed "KEYLIFEINDAYS" to "1826"

Shut up with:
- rm /home/e-smith/ssl.crt/myserver.crt
- rm /home/e-smith/ssl.key/myserver.key
- rm /home/e-smith/ssl.pem/myserver.pem

- signal-event post-upgrade
- signal-event reboot

On SME 9.2 this functions without problems. Can this be the reason for often generating new certificates?

Greetings, Uli
Title: Re: SME10 frequently generates new ssl.crt and ssl.pem
Post by: Jean-Philippe Pialasse on April 23, 2022, 04:01:20 PM: what is the configuration of your sme?
gateway? server only?

what kind of wan connection? The ssl self signed cert include now all domains, sme local hosts and ip.
Whenever you alter one of them the cert will get generated again.

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies