Code review comment for lp://staging/~dpb/charms/precise/apache2/avoid-regen-cert

Hello David,

Thanks for your submission. I understand your motivation, but i am unsure if we should force to keep the same certificate without having an configuration option to force the certificate re-generation.

My suggestions for your changes:

- Implement a configuration directive ( ssl_cert_regenerate ) to allow users to force the self-signed certificate generation. Which would be the first check to do.

- On the function is_selfsigned_cert_stale() Please check first if the private key has changed (available on config.get('ssl_keylocation') that will allow us to determine quicker is the certificate is stale.

Please Let me know your observations.