--- a/debian/littlebird-tc-core.postinst	Fri Sep 02 01:14:40 2011 +0200
+++ b/debian/littlebird-tc-core.postinst	Fri Sep 02 10:03:28 2011 +0200
@@ -19,6 +19,8 @@
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 
+tmp=`mktemp`
+trap "rm -f $tmp" EXIT INT QUIT TERM
 
 case "$1" in
     configure)
@@ -71,10 +73,26 @@
 
     # snakeoil certificate
     if test "$crt" && test "$key" && ! test -f "$crt" && ! test -f "$key"; then
-	mkdir -p `dirname $crt`
-	mkdir -p `dirname $key`
-	openssl req -new -x509 -days 10 -subj "/O=DEMO/CN=$servername" \
-	    -out "$crt" -keyout "$key" -nodes
+	mkdir -p `dirname $crt` `dirname $key` || true
+
+	days=10
+
+	openssl req -new -x509 -days $days -subj "/O=DEMO/CN=$servername" \
+	    -out "$crt" -keyout "$key" -nodes 1>$tmp 2>&1 &
+	pid=$!
+
+	db_subst littlebird-tc/web/create-cert cn "$servername" || true
+	db_subst littlebird-tc/web/create-cert days $days || true
+	db_input medium littlebird-tc/web/create-cert || true
+	db_go || true
+
+	if ! wait $pid
+	then
+	    rm -f "$crt" "$key"
+	    cat $tmp >&2
+	    db_input critical littlebird-tc/web/cert-failed || true
+	    db_go || true
+	fi
     fi
 
     # tweak the config file, but just the lines following a magical
@@ -106,8 +124,9 @@
     )
 
 
-    invoke-rc.d apache2 reload 1>&1
-    echo >&2
+    db_stop || true
+    a2enmod ssl
+    invoke-rc.d apache2 reload >&2
 
     ;;