Changed LEAPI server cert file from tls_cert_path to tls_chain_path.

README.md

@@ -31,7 +31,11 @@ LEAPI operates in a multi-master configuration. When you add or delete a server
 - Download the LEAPI binary, or build from source.
 - Copy it to ```/opt/leapi```
 - You may use the included SystemD service file if you use a SystemD based distribution.
-- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Copy the config file to ```/opt/leapi``` or ```/etc```.
+- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Note: if you enable HTTPS in the config file, LEAPI needs a certificate to be able to start (it requires the ```tls_chain_path``` and ```tls_key_path```. You can generate a temporary self signed certificate and key with openssl:
+```
+openssl req -x509 -nodes -newkey rsa:4096 -keyout privkey.key -out cert.crt -sha256 -days 365
+```
+- Copy the config file to ```/opt/leapi``` or ```/etc```.
 - Install getssl
 ```
 curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > /opt/leapi/getssl ; chmod 700 /opt/leapi/getssl

leapi_config.json

@@ -19,7 +19,7 @@
 	"reload_command":"systemctl reload leapi ; systemctl restart nginx", 	//needs to match on all servers
 	"check_port":"443", //the port/service to check to verify cert installation (https/imap/imaps/xmpp/ftp/smtp)
 	"production":false, //if false, the staging LE server will be used. Set true to use the rate limited real server.
-	"secret_key":"jEn-vQ832h^01j2rUq0jd-svji8ejf"
+	"secret_key":"SecReT_KeY-4API-AuThenTiCaTiON"
 }
 
 

main.go

@@ -264,13 +264,13 @@ func main() {
 		syncPort = leapiconf.HTTPS_ServerPort
 
 		//certPair, err := tls.LoadX509KeyPair(leapiconf.TLSCertificateFile, leapiconf.TLSKeyFile)
-		if !fileExists(leapiconf.TLSCertFile) || !fileExists(leapiconf.TLSKeyFile) {
+		if !fileExists(leapiconf.TLSChainFile) || !fileExists(leapiconf.TLSKeyFile) {
 			fmt.Println("Provided certificate and/or key file does not exist! Terminating.")
 			log.Fatal("Provided certificate and/or key file does not exist! Terminating.")
 		}
 
 		//Create loader for cert files
-		kpr, err := NewKeypairReloader(leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
+		kpr, err := NewKeypairReloader(leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -375,8 +375,8 @@ func NewKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
 		c := make(chan os.Signal, 1)
 		signal.Notify(c, syscall.SIGHUP)
 		for range c {
-			log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
-			fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
+			log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
+			fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
 			if err := result.maybeReload(); err != nil {
 				log.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)
 				fmt.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)