From 7cf4d1d8fb174a95b149deded4d93c33d46409cb Mon Sep 17 00:00:00 2001
From: Roland Reichwein
Date: Sun, 17 May 2020 14:32:29 +0200
Subject: Cert reload workaround
---
 debian/changelog | 6 ++++++
 https.cpp | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index bfa16b1..9c13f87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+webserver (1.7) UNRELEASED; urgency=medium
+
+ * Omit PEM file reload. Access to files is denied because of dropped privileges.
+
+ -- Roland Reichwein Sun, 17 May 2020 14:31:36 +0200
+
 webserver (1.6) unstable; urgency=medium
 
 * Webbox: Improved UI
diff --git a/https.cpp b/https.cpp
index a5aa118..0cbce8e 100644
--- a/https.cpp
+++ b/https.cpp
@@ -632,12 +632,14 @@ namespace HTTPS {
 Server::Server(Config& config, boost::asio::io_context& ioc, const Socket& socket, plugins_container_type& plugins, Statistics& statistics)
 : ::Server(config, ioc, socket, plugins, statistics)
 , m_certificates_timer(ioc, boost::asio::chrono::seconds(certificates_timer_seconds))
+#if 0 // problem: at this point, privileges are dropped and access to certbot keys is limited. File re-load fails with exception.
 , m_certificates_timer_callback {
 [&](const boost::system::error_code& error){
 reload_certificates();
 m_certificates_timer.expires_at(m_certificates_timer.expires_at() + boost::asio::chrono::seconds(certificates_timer_seconds));
 m_certificates_timer.async_wait(m_certificates_timer_callback);
 }}
+#endif
 {
 load_certificates(); // load initially
 
-- 
cgit v1.2.3
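Review bot: With the `#if 0` around the `m_certificates_timer_callback` initializer in `Server::Server`, nothing re-reads the PEM files after start-up, so a certificate renewed by certbot is only picked up on a process restart and the server keeps presenting the old one until it expires. The comment on the `#if 0` line should state that consequence, e.g. `// TODO: reload disabled; renewed certificates need a service restart (e.g. from the renewal hook) until keys can be re-read after the privilege drop`. `m_certificates_timer` is still constructed while the callback member is now left default-initialized; the constructor body continues past the hunk, so check that no `m_certificates_timer.async_wait(m_certificates_timer_callback)` call remains there, since it would arm the timer with an empty handler (presumably a `std::function`). Widening the key file permissions so the unprivileged process can read them would weaken protection of the private key, so a restart or a separate privileged reload path is the safer long-term fix.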