OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 62445] New: Conditionally set the SSLCertificateFile when the file exists


https://bz.apache.org/bugzilla/show_bug.cgi?id=62445

            Bug ID: 62445
           Summary: Conditionally set the SSLCertificateFile when the file
                    exists
           Product: Apache httpd-2
           Version: 2.4.16
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: apache@xxxxxxxxxxxxxxx
  Target Milestone: ---

I am using Let's Encrypt (certonly) to generate SSL certificates for several
websites hosted on an Apache server. The file location of these certificates is
determinate before they are created, so I am writing their paths into my
virtual host configuration in advance. Once the site is running, I will use
certbot to get the certificate files and then reload the Apache configuration.

I also have a global SSL certificate defined with valid files, so every SSL
virtual host will be certain to have a certificate.

The problem I'm having is that Apache won't run without all the certificate
files, despite having a global fallback. I tried to conditionally configure the
Let's Encrypt certificate only when the file exists using IF, but Apache says
SSLCertificateFile not allowed here.

It should be possible to override the global SSLCertificateFile only when the
new certificate files exist. I'm trying to do all of this without having to
modify the configuration before and after the certificates have been generated.

Here is what I tried:

<If "-f '/etc/letsencrypt/live/domain/fullchain.pem'">
  SSLCertificateFile /etc/letsencrypt/live/domain/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain/privkey.pem
</If>
→ SSLCertificateFile not allowed here

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx