This repository has been archived by the owner on Oct 14, 2021. It is now read-only.
Hotdeploy of renewed LetsEncrypt certificates isn't handled #5
Comments
I just realized I don't even need any kind of flow control or access mangling. If one executes the same code as when the SSL certificate form is saved, the new certificate will be imported in the keystore, which bypasses the file permission issue (and the associated additional security issue).
Some progress on Let's Encrypt:
Getting there! The Certificate Manager was refactored, but there are about a dozen tracker items that need to be reviewed.
@pcbaldwin Anything I can help with?
I'm still working on the tracker items. Thanks for asking.
The hotdeploy code for LetsEncrypt certificates has been disabled in app-openfire: https://github.com/WikiSuite/app-openfire/blob/4f035df45d872a8127fcaf5c493894dddd370758/libraries/Openfire.php#L374, which makes sense since it would only run if an admin edits the form.
However, we need the rpm to set up a system so the certificates are copied to the hotdeploy directory when Let's Encrypt renews them, using hooks in /etc/letsencrypt/renewal-hooks/.
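A deploy hook of the kind the issue asks for, as an added example (not code from app-openfire or its rpm): certbot runs executables in /etc/letsencrypt/renewal-hooks/deploy/ after each successful renewal and exports RENEWED_LINEAGE to them. The hook file name, the HOTDEPLOY_DIR placeholder, the HOTDEPLOY_OWNER variable and the idea that the hotdeploy directory accepts certbot's own file names are assumptions.

```shell
#!/bin/sh
# Added example, not app-openfire code. Assumed install path:
#   /etc/letsencrypt/renewal-hooks/deploy/openfire-hotdeploy.sh
# certbot exports RENEWED_LINEAGE (/etc/letsencrypt/live/<name>) to deploy hooks.

# Placeholder: set HOTDEPLOY_DIR to the real Openfire hotdeploy directory.
HOTDEPLOY_DIR="${HOTDEPLOY_DIR:-/path/to/openfire/hotdeploy}"
# Optional owner for the copies, e.g. "openfire:openfire" (assumed account name).
HOTDEPLOY_OWNER="${HOTDEPLOY_OWNER:-}"

# deploy_renewed_cert LINEAGE_DIR DEST_DIR
# Copies privkey.pem then fullchain.pem as mode 0600 regular files. Each file is
# staged under a temporary name and renamed, so a watcher never reads a partial file.
deploy_renewed_cert() {
    lineage=$1
    dest=$2
    [ -d "$dest" ] || { echo "hotdeploy dir missing: $dest" >&2; return 1; }
    # Check both inputs before touching the destination.
    for f in privkey.pem fullchain.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done
    old_umask=$(umask)
    umask 077   # the key copy must never be group/world readable, even briefly
    rc=0
    for f in privkey.pem fullchain.pem; do
        tmp="$dest/.$f.tmp.$$"
        # cp follows the symlinks in live/ and writes a regular file.
        cp "$lineage/$f" "$tmp" && chmod 600 "$tmp" &&
            { [ -z "$HOTDEPLOY_OWNER" ] || chown "$HOTDEPLOY_OWNER" "$tmp"; } &&
            mv -f "$tmp" "$dest/$f" || { rm -f "$tmp"; rc=1; break; }
    done
    umask "$old_umask"
    return "$rc"
}

# Act only when certbot invoked this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_renewed_cert "$RENEWED_LINEAGE" "$HOTDEPLOY_DIR" || exit 1
fi
```

Running `certbot renew --dry-run` does not execute deploy hooks, so test the hook by exporting RENEWED_LINEAGE by hand and running the script as root.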