List ecs-isp@2rosenthals.com Arkiverade meddelande #833 föregående meddelande nästa meddelande Tillbaks till lista

Från: "Steven Levine" <ecs-isp@2rosenthals.com> Meddelandehuvud
Oavkodat meddelande
Ämne: Re: [eCS-ISP] Apache HTTPS
Datum: Thu, 15 Aug 2024 14:26:12 -0700
Till: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-10601870@2rosenthals.com>, on 08/16/24
   at 06:26 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

>https://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is there now.

This one understands @unixroot.  Thanks.

>Additional change is that it uses symlink() rather than link().

I don't think this is going to work for use in practice.  When updating a
certificate what uacme does is

  create a new-crt.pem and new-key.pem
  hardlink the existing key.pem to timestamped-key.pem
  hardlink the existing crt.pem to timestamped-crt.pem
  unlink key.pem
  unlink crt.pem
  rename new-crt.pem to crt.pem
  rename new-key.pem to key.pem

With a symlink timestamped-key.pem will not contain the the content of
key.pem, so there will be no useful backup.  The is why is suggested that
the link needed to be replaced with a copy operation.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
Prenumerera: Sändning, Uppsamling, Index.
Stoppa prenumeration
Meddelande till ListMaster