mirror of https://github.com/zulip/zulip.git
install: Expand error message for missing SSL cert slightly.
It wasn't obvious reading this message that you can perfectly well bring your own SSL/TLS certificate; unless you read quite a bit between the lines where we say "could not find", or followed the link to the detailed docs, the message sounded like you had to either use --certbot or --self-signed-cert. So, explicitly mention the BYO option. Because the "complete chain" requirement is a bit tricky, don't try to give instructions for it in this message; just refer the reader to the docs. Also, drop the logic to identify which of the files is missing; it certainly makes the code more complex, and I think even the error message is actually clearer when it just gives the complete list of required files -- it's much more likely that the reader doesn't know what's required than that they do and have missed one, and even then it's easy for them to look for themselves.
This commit is contained in:
parent
6a11ff5b28
commit
e8be968250
|
@ -112,15 +112,20 @@ fi
|
||||||
# Check early for missing SSL certificates
|
# Check early for missing SSL certificates
|
||||||
if [ "$PUPPET_CLASSES" = "zulip::voyager" ] && [ -z "$USE_CERTBOT""$SELF_SIGNED_CERT" ] && { ! [ -e "/etc/ssl/private/zulip.key" ] || ! [ -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; }; then
|
if [ "$PUPPET_CLASSES" = "zulip::voyager" ] && [ -z "$USE_CERTBOT""$SELF_SIGNED_CERT" ] && { ! [ -e "/etc/ssl/private/zulip.key" ] || ! [ -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; }; then
|
||||||
set +x
|
set +x
|
||||||
echo
|
|
||||||
echo "Could not find SSL certificates!"
|
|
||||||
for f in "/etc/ssl/private/zulip.key" "/etc/ssl/certs/zulip.combined-chain.crt"; do
|
|
||||||
[ -e "$f" ] || echo " - $f is missing!"
|
|
||||||
done
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
|
|
||||||
See https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html for help.
|
No SSL certificate found. One or both required files is missing:
|
||||||
For non-production testing, try the --self-signed-cert option.
|
/etc/ssl/private/zulip.key
|
||||||
|
/etc/ssl/certs/zulip.combined-chain.crt
|
||||||
|
|
||||||
|
Suggested solutions:
|
||||||
|
* For most sites, the --certbot option is recommended.
|
||||||
|
* If you have your own key and cert, see docs linked below
|
||||||
|
for how to install them.
|
||||||
|
* For non-production testing, try the --self-signed-cert option.
|
||||||
|
|
||||||
|
For help and more details, see our SSL documentation:
|
||||||
|
https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html
|
||||||
|
|
||||||
Once fixed, just rerun scripts/setup/install; it'll pick up from here!
|
Once fixed, just rerun scripts/setup/install; it'll pick up from here!
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue