So... any chance a recent update overwrote my SSL keys?

cmhxaktsoft · September 2, 2016, 10:40pm

I performed an update of FreePBX (just now) and it’s terribly unhappy. /var/log/boot.log appears to be hung at:

Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server freepbx.company.domain:443 (RSA)
Enter pass phrase:

None of my certs have ever had passphrases on them, and every file in the /etc/asterisk/keys folder has a modified time of right around when I performed the updates. I’ve got backups somewhere, but I’ve got to figure out which ones are the right ones. (private keys don’t go in the nightly backups…) Needless to say, it’s kinda ruined my night. Any chance I missed something?

Thanks in advance!

cmhxaktsoft · September 2, 2016, 11:37pm

Well, I found the original keys. They were definitely not on the system after the update. I can’t say 100% for certain, but it really appears that the update overwrote all of my keys and certificates. Once I restored the original ones, everything was happy again, and I don’t have to re-key our company wildcard certificate.

Good thing I’m a packrat. Could’ve gotten ugly. I hope it was just me…

tm1000 · September 3, 2016, 2:56am

Freepbx has no ability to generate a certificate that requires a password as that would break many things.