apache: Generalize TLS config to use certificates only if available

- This allows TLS configuration to setup for domains that haven't yet successfully obtained certificates yet. Tests: - Apply the patch on a production configuration and ensure that LE certificates are properly used. - With full pathset applied, on a test container, add a domain and ensure that domain has its own site configuration and uses the snake-oil certificate. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2025-05-15 13:33:59 -07:00 · 2025-05-15 13:33:59 -07:00 · 0fa1dcf902
commit 0fa1dcf902
parent 8401b08357
1 changed files with 8 additions and 2 deletions
--- a/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf
+++ b/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf
@ -16,8 +16,14 @@
            SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

            # Automatically obtained certificates from Let's Encrypt
-            SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem
-            SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem
+            <IfFile /etc/letsencrypt/live/$domain/privkey.pem>
+                SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem
+                SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem
+            </IfFile>
+            <IfFile !/etc/letsencrypt/live/$domain/privkey.pem>
+                SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+            </IfFile>

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars