I made a openssl certification but i don't want it anymore so how do i remove it?
I used this Guide: https://github.com/PrusaMK2Users/MK2_Tips_and_Tricks/wiki/Generating-a-new-SSL-certificate-for-OctoPi
If you followed the tutorial exactly, it may be as simple as deleting the files listed here:
ls -l /etc/ssl/newcert.*
ls -l /etc/ssl/snakeoil.pem
Followed by restarting the haproxy service as you did before.
1 Like
when i do:
ls -l /etc/ssl/newcert.*
it says:
ls: cannot access '/etc/ssl/newcert.*': No such file or directory
Your earlier tutorial had you start the session as the root user. And this user should have the correct rights to see into any system-wide folders.
I see from the OctoPi repository that this is part of the setup (so we go to school on this):
# Not expected to work
rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
But of course, the pi user wouldn't be able to do that. I assume that script would be running as root, as in...
# Now with enough rights to work
sudo rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
I have to admit that I'm confused at this point. The OctoPi image refers to the snakeoil.pem path as /etc/ssl. But then there's a script which generates the right stuff (at bootup):
#!/bin/sh
keyfile=/etc/ssl/private/ssl-cert-snakeoil.key
pemfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
certfile=/etc/ssl/snakeoil.pem
if [ ! -f $keyfile ] || [ ! -s $keyfile ] || [ ! -f $pemfile ] || [ ! -s $pemfile ] || [ ! -f $certfile ] || [ ! -s $certfile ]; then
echo "Generating SSL certificate"
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
sudo cat $keyfile $pemfile > $certfile
fi
Alright, I get it now. I guess then here's is the expected magic to get back to square one (final answer):
sudo rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo rm /etc/ssl/*.pem /etc/ssl/newcert.*
sudo reboot
OctoPi's gencert service should automatically generate a new PEM file at bootup.
1 Like