SSLCertificateChainFile obsolete for httpd >= 2.4.8
Posted: Thu 18. Jun 2020, 04:36
Hi there,
Just wanted to give you a heads up on SSLCertificateChainFile - it has been obsoleted. I've implemented a wildcard cert on my server and had to change the default SSL config from:
to
The file above has the wildcard's fullchain and privkey concatenated:
Might be an extra line in your installer but I think it's worth it, makes it manageable with less config changes and messing with immutable flags and so on. Heck you might even template the pem location and make it configurable (including for adding certificates vs only uploading one when it's perfectly fine sitting on the server itself, auto-updating with a cron).
Ok maybe this is more than 1 request per post, sorry
Specs: debian 10, keyhelp 20.1, httpd 2.4.38
Just wanted to give you a heads up on SSLCertificateChainFile - it has been obsoleted. I've implemented a wildcard cert on my server and had to change the default SSL config from:
Code: Select all
SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
SSLCertificateChainFile /etc/ssl/keyhelp/keyhelp-ca.crt
Code: Select all
SSLCertificateFile /etc/ssl/keyhelp/keyhelp.pem
Code: Select all
cat /home/acmehelper/certs/domain.us/{fullchain,privkey}.pem > /etc/ssl/keyhelp/default.pem
Ok maybe this is more than 1 request per post, sorry
Specs: debian 10, keyhelp 20.1, httpd 2.4.38