Mailing List ecs-isp@2rosenthals.com Archived Message #833 previous message next message tilbake listen

Fra: "Steven Levine" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Emne: Re: [eCS-ISP] Apache HTTPS
Dato: Thu, 15 Aug 2024 14:26:12 -0700
Til: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-10601870@2rosenthals.com>, on 08/16/24
   at 06:26 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

>https://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is there now.

This one understands @unixroot.  Thanks.

>Additional change is that it uses symlink() rather than link().

I don't think this is going to work for use in practice.  When updating a
certificate what uacme does is

  create a new-crt.pem and new-key.pem
  hardlink the existing key.pem to timestamped-key.pem
  hardlink the existing crt.pem to timestamped-crt.pem
  unlink key.pem
  unlink crt.pem
  rename new-crt.pem to crt.pem
  rename new-key.pem to key.pem

With a symlink timestamped-key.pem will not contain the the content of
key.pem, so there will be no useful backup.  The is why is suggested that
the link needed to be replaced with a copy operation.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
Abboner: Feed, Digest, Index.
Stopp abbonement
E-post til ListMaster