I run an ejabberd server on an Ubuntu 12.10 box and this week I started getting notified by my IM client that the server’s certificate had expired.
Here’s how I managed to generate a new certificate.
WARNING: this process backs up, deletes and then restores your ejabberd database, so it is probably fairly risky.
# Move any previous backups out of the way
sudo mv /var/backups/ejabberd-* ~/Desktop/
# Move the expired certificate out of the way
sudo mv /etc/ejabberd/ejabberd.pem /etc/ejabberd/ejabberd.pem.old
# Reconfigure the ejabberd package (WARNING: backs up and deletes your database!)
sudo dpkg-reconfigure ejabberd
# Make the database backup file readable
sudo chmod a+rx /var/backups/ejabberd-*/
sudo chmod a+r /var/backups/ejabberd-*/*
# Restore the backup
sudo ejabberdctl restore /var/backups/ejabberd-*/ejabberd-database
If you’re lucky, your server will now be back up with a new self-signed certificate.
In general, the policy of using dpkg-reconfigure to handle creating a new self-signed certificate seems to work nicely.
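The expiry above was only noticed when an IM client complained, so a small check run from cron can flag the certificate before it lapses. This is an added example, not part of the original post; it assumes GNU date and openssl are installed, and the function names, the script name in the comment and the 30-day warning window are choices made here.

```shell
#!/bin/sh
# Added example: warn before the ejabberd certificate expires.
# Assumptions: GNU date, openssl on PATH, 30-day warning window.

WARN_DAYS=${WARN_DAYS:-30}

# Turn the "notAfter=Mon DD HH:MM:SS YYYY GMT" line printed by
# `openssl x509 -enddate` into epoch seconds.
enddate_to_epoch() {
    date -u -d "${1#notAfter=}" +%s
}

# Classify expiry from: end time, current time (both epoch seconds)
# and the warning window in days.
cert_status() {
    if [ "$1" -le "$2" ]; then
        echo EXPIRED
    elif [ $(( $1 - $2 )) -lt $(( $3 * 86400 )) ]; then
        echo WARN
    else
        echo OK
    fi
}

# Check one PEM file. Return code: 0 OK, 1 WARN, 2 EXPIRED or unreadable.
# ejabberd.pem also holds the private key, so this normally runs as root.
check_pem() {
    line=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || {
        echo "UNKNOWN $1: cannot read certificate" >&2
        return 2
    }
    end=$(enddate_to_epoch "$line") || return 2
    now=$(date -u +%s)
    status=$(cert_status "$end" "$now" "$WARN_DAYS")
    echo "$status $1: expires $(date -u -d "@$end" '+%Y-%m-%d')"
    case $status in
        OK) return 0 ;;
        WARN) return 1 ;;
        *) return 2 ;;
    esac
}

# Runs only when a path is given, e.g. from a daily cron job
# (hypothetical script name):
#   check-ejabberd-cert.sh /etc/ejabberd/ejabberd.pem
if [ $# -gt 0 ]; then
    check_pem "$1"
fi
```
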
Worked for me! :) Thanks
Thanks. That seems to have worked OK for me too. However I’m not sure about the restoring of the database. I get a file not found error at that stage, but I’m not clear what you’re restoring.
Are you restoring the database you just created, or should that last line reference the stuff you backed up to ~/Desktop?
I have a working system so I’m not /too/ concerned :-)
Hi Jim, that should be restoring the database you just created. Moving stuff to Desktop is just getting any old backups out of the way.
Why not use the routine creating the cert? In postinstall of debian ejabberd package it is (modified with the remove part):
$: cat /root/scripts/regenerate-ejabberd.pem.sh
#!/bin/bash
# script to generate new ejabberd.pem
# Making /etc/ejabberd/ejabberd.pem if it does not exist.
cd /etc/ejabberd
if [ -f ejabberd.pem ]
then
rm ejabberd.pem
fi
if [ ! -f ejabberd.pem ]
then
echo "Generating SSL certificate /etc/ejabberd/ejabberd.pem…"
EHOSTNAME=$(hostname -s 2>/dev/null || echo localhost)
EDOMAINNAME=$(hostname -d 2>/dev/null || echo localdomain)
openssl req -new -x509 -days 365 -nodes -out ejabberd.pem \
-keyout ejabberd.pem > /dev/null 2>&1 < last line is fi) and then make it executable with chmod a+x
Thanks Andy, good suggestion.
This no longer works. Is there an update on how to do it with the latest ejabberd available with raspbian?