httpd - set public/private key separately
Issue #475
resolved
With services like letsencrypt/certbot, it has become more and more common to have one pem file containing the full chain of the public keys (meaning the public key of the certificate, the public key of the CA and optionally the public key of the root), and another pem containing the private key of the certificate. With these services, they are expected to change every 30-60 days (automatically). (And I'm not sure if setting up a cron-job to "merge" these two is the best way to go.)
Would be nice if we'd be able to set these two files separately, like you can do with nginx for example:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Comments (2)
repo owner - edited description
- changed status to resolved
fixed in monit 5.27.0, snip from changelog:
New: Add support for split certificate chain and key for the monit HTTP interface. Thanks to Lutz Mader for patch. Example:
set httpd port 2812 with ssl {
    pemchain: /etc/ssl/certs/monit.chain.pem
    pemkey: /etc/ssl/certs/monit.key.pem
}
    allow myuser:mypassword
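An added example, not code from monit or from anyone in this thread: a check that could run after each renewal, before the httpd configuration is pointed at a split chain/key pair. The function names `pem_labels` and `check_split_pair` are hypothetical, and the key-file mode check is a general hygiene assumption rather than a documented monit rule.

```python
import os
import re
import ssl
import stat

# Matches PEM encapsulation boundaries such as "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----", re.MULTILINE)


def pem_labels(path):
    """Return the labels of all PEM blocks in a file, in file order."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())


def check_split_pair(chain_path, key_path):
    """Return a list of problems with a chain/key pair; empty means OK."""
    problems = []

    # The chain file (certbot's fullchain.pem) should hold certificates only.
    chain = pem_labels(chain_path)
    if not chain or any(label != "CERTIFICATE" for label in chain):
        problems.append("chain file must hold only certificates, found %s" % chain)

    # The key file (certbot's privkey.pem) should hold exactly one private key.
    key = pem_labels(key_path)
    if len(key) != 1 or not key[0].endswith("PRIVATE KEY"):
        problems.append("key file must hold exactly one private key, found %s" % key)

    # Assumption: the private key should not be accessible to group or other.
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & 0o077:
        problems.append("key file mode %04o is accessible to group/other" % mode)

    # Only when the layout is sane, let OpenSSL (through Python's ssl module)
    # parse both files; it fails if the key does not match the leaf certificate.
    if not problems:
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(chain_path, key_path)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append("pair rejected (unparsable or key mismatch): %s" % exc)
    return problems
```

An empty list means the two files can be used as a pair; any entry is a reason to leave the running configuration untouched until the renewal output is fixed.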
I was struggling with this problem, too. I've created a renewal cron job that runs weekly that copies the contents of the private key and public keys as described above. The specific section is: