Auto updating SSL certs with custom Apache site config

From a basic test, if I have customised /etc/apache2/sites-enabled/subdomain.domain.tld.conf to add some commands to say allow the running of Passenger for a ruby web app, I can get the SSL updates with sudo sympl-ssl --force subdomain.domain.tld, however when I run sudo sympl-web-configure --verbose the following output is provided:

Configuration: subdomain.domain.tld.conf
	Not updating configuration, as it has been edited by hand.
	Already enabled.

On checking the Apache config, the SSL certificate has been kept at the older version, and isn’t using the latest.

Is there any way to support SSL updates with a custom Apache config?

OS is Debian Buster.
On the testing version of Sympl.
(subdomain.domain.tld is adjusted to the appropriate domain).

Yes, edit the file /etc/apache2/sites-enabled/subdomain.domain.tld.conf and locate the path to the SSL cert and key, which will be something like /srv/subdomain.domain.tld/config/ssl/sets/1/.

Change this to /srv/subdomain.domain.tld/config/ssl/current/ and it should be fine and pick up any changes to the cert when Apache is reloaded (which happens as part of the hooks for sympl-ssl).

The plan is that a later version of Sympl will simply default to using the config/ssl/current/ path, making this unnecessary, but it’s a workaround for now.

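The path change described in the answer above, as an added example that is not part of the original posts or Sympl's own tooling: it lists the SSL directives in a hand-edited vhost that pin a numbered certificate set and repoints them at config/ssl/current/. The function names and the certificate file names (ssl.crt, ssl.key) in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example (not Sympl's own tooling): find Apache SSL directives pinned to
# a numbered certificate set and repoint them at config/ssl/current/.

# Matches an active SSL* directive whose path is /srv/<domain>/config/ssl/sets/<N>/
PINNED='^([[:space:]]*SSL[A-Za-z]+[[:space:]]+"?/srv/[^/[:space:]]+/config/ssl)/sets/[0-9]+/'

# List (with line numbers) the directives in vhost file $1 that pin a set.
pinned_ssl_paths() {
    grep -nE "$PINNED" "$1"
}

# Repoint pinned directives in $1 to current/. Keeps a .bak copy, and writes
# through the path (not sed -i) so a sites-enabled symlink is preserved.
repoint_to_current() {
    pinned_ssl_paths "$1" >/dev/null || return 0    # nothing pinned, no change
    cp -p "$1" "$1.bak" || return 1
    sed -E "s#$PINNED#\\1/current/#" "$1.bak" > "$1"
}

# Constructed sample vhost fragment; the certificate file names are assumed.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName subdomain.domain.tld
    SSLEngine on
    SSLCertificateFile /srv/subdomain.domain.tld/config/ssl/sets/1/ssl.crt
    SSLCertificateKeyFile "/srv/subdomain.domain.tld/config/ssl/sets/1/ssl.key"
    # hand-edited directives (for example for Passenger) stay untouched
</VirtualHost>
EOF
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the vhost file, then validate before reloading Apache.
    repoint_to_current "$1" && apache2ctl configtest && systemctl reload apache2
else
    # No argument: demonstrate on the constructed sample only.
    tmp=$(mktemp) && sample_vhost > "$tmp"
    pinned_ssl_paths "$tmp"
    repoint_to_current "$tmp" && grep -n 'config/ssl' "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```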

One of the ways around this under Symbiosis was to add an IncludeOptional directive to the master templates (ssl.template.erb & non_ssl.template.erb) with customisations kept in, say, config…

IncludeOptional /srv/<% domain %>/config/apache-*.conf


@alphacabbage1 That’s a really good idea. Do you mind if I steal it for the next update?


Feel free. Thanks 🙂


That’s done the trick, thanks.

For more complex adjustments, the IncludeOptional might not work.