From 0fa1dcf9028beb9ac8802680cea129bbf8af9412 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 15 May 2025 13:33:59 -0700 Subject: [PATCH] apache: Generalize TLS config to use certificates only if available - This allows TLS configuration to setup for domains that haven't yet successfully obtained certificates yet. Tests: - Apply the patch on a production configuration and ensure that LE certificates are properly used. - With full pathset applied, on a test container, add a domain and ensure that domain has its own site configuration and uses the snake-oil certificate. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- .../conf-available/freedombox-tls-site-macro.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf b/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf index a2ebf2342..bf79be3d3 100644 --- a/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf +++ b/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf @@ -16,8 +16,14 @@ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Automatically obtained certificates from Let's Encrypt - SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem + + SSLCertificateFile /etc/letsencrypt/live/$domain/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem + + + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + SSLOptions +StdEnvVars
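Review bot: The snake-oil pair added after the Let's Encrypt pair (`SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem`) has no comment of its own, so the existing `# Automatically obtained certificates from Let's Encrypt` now reads as if it described both pairs. I would add above the second pair something like `# Fallback: self-signed snake-oil certificate, used only until a Let's Encrypt certificate exists for this domain`. The conditional directives wrapping the two pairs are not legible on this page (only bare `+` lines remain), so confirm that the condition covers both `fullchain.pem` and `privkey.pem`. If it tests only one, a partially written live directory would presumably make the configuration fail to load rather than fall back. Because the fallback is silent, a domain whose certificate files later go missing would start serving an untrusted certificate with no error at reload, so a status check or log entry showing which branch is active would help operators notice; the macro body continues outside the hunk.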