Univention Bugzilla – Bug 39476
Allow Apache restart during remote setup
Last modified: 2015-11-17 12:12:18 CET
Currently, the Apache restarted is blocked during the system setup. The restart uses the new SSL configuration / certificate. If the setup is done via HTTPS on an external browser, the browser won't get a valid answer.
We should load the new certificate after the setup has been finished even if apache is restarted during the setup.
After fixing this issue, the apache reload workaround should be removed from the SAML join script.
setup-join.sh now calls /usr/share/univention-updater/disable-apache2-umc with "--exclude-apache" (no longer removes execution bits from apache), copies the current certificate, key and ca to temporary files and sets apache2/ssl variables to these files.
Even if apache is restarted during setup (which is now possible) the old certificates are used.
To cleanup script cleanup-pre.d/99_restart_umc simply unsets the apache2/ssl variables and restarts apache. So after the cleanup apache ssl uses the new certificates (created during setup).
The remote HTTPS configuration via system setup is now possible and I've removed the apache reload workaround from the SAML join script. The apache is restarted during the setup.
UCS 4.1 has been released:
If this error occurs again, please use "Clone This Bug".