Hey, I submitted this as a ticket to enterprise support this morning but haven’t heard back so I figured I’d drop it in here too.
We are currently running Cells 2.2.12 Community (we have Ent lics, just haven’t had time to setup a new install)
I need to install a new SSL Cert asap as the old one is expiring on the 25th. I followed the instructions to use the command-line command “cells configure sites” and it asks me for the license files which I gave it, and it says it updates the site, but after restarting the service the old certificate is still being used.
I checked in “/home/pydio/.config/pydio/cells/certs” and the old files are still there, they are not being updated.
make a backup , (it usually works, but the sysadmin part in me is always feeling better saying so… )
go to the Admin Console > Backend > Software Update
click on the “Upgrade to Cells Enterprise” link
Accept the EULA
paste your license key.
Some checks are done in the background to insure that everything is OK and the Enterprise binary is downloaded, checked and replace the existing one, just like a normal update.
I checked in “/home/pydio/.config/pydio/cells/certs” and the old files are still there, they are not being updated.
Are you sure you have used the correct user when you launched the command ? This is a small gotcha and a potential place for improvment…
If you launch the command with the “root” user and the app run with “pydio” user, in fact you are not updating the correct file (in such case, you might want to perform some cleanings under /root/.config/pydio... )
Thanks @bsinou I was in fact using the wrong account to perform the change and that solved the one immediate issue!
However, I ran into another issue while trying to install the certificate. We have a GoDaddy cert that comes with an intermediate certificate and the instructions tell me to concatenate the two. This worked in previous versions of Cells, but apparently it no longer does. I attempted to install the combined certificate (cat’d together as per instructions) but the log file says the certificate and key do not match. I loaded the certificate without the intermediate cat’d and it worked fine.
I believe the key manager in this new version doesn’t work the way the documentation thinks it works.
For now, the site appears to be functioning without the intermediate certificate in all the browsers I’ve tried, but this should really be resolved both in my install and in your documentation.
Note, regarding the Enterprise lics, we are not upgrading the Community install because it’s an upgrade of v8->v1->v2 and we want to setup a fresh clean server. This one has…quirks.
It turns out that the failure to accept the intermediate chain certificate is a bit more pressing than I thought. We have another service that is integrated to Pydio and it uses the AWS S3 client to send files to Pydio. This connection is now failing due to the certificate being “invalid”. Apparently, the AWS S3 client needs that intermediate chain cert or it won’t work.
EDIT: for the time being I’ve disabled SSL verification in the S3 client, this has allowed the service to continue until a fix can be determined.
)