WikiSuite/openfire

Hotdeploy of renewed LetsEncrypt certificates isn't handled

benoitg opened this issue · 5 comments

The hotdeploy code for LetsEncrypt certificate has been disabled in app-openfire: https://github.com/WikiSuite/app-openfire/blob/4f035df45d872a8127fcaf5c493894dddd370758/libraries/Openfire.php#L374, which makes sense since it would only run if an admin edits the form.

However, we need the rpm to set up a system so the certificates are copied to the hotdeploy directory when Let's Encrypt renews them, using hooks in /etc/letsencrypt/renewal-hooks/
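One shape such a renewal hook can take, as an added example that is not code from WikiSuite/openfire or app-openfire: a certbot deploy hook that copies the renewed lineage into the hot-deploy directory with restrictive file modes. certbot really does export `RENEWED_LINEAGE` and `RENEWED_DOMAINS` to scripts under `/etc/letsencrypt/renewal-hooks/deploy/`; the hot-deploy path, the service account name, and the file names Openfire expects in that directory are assumptions (placeholders to be replaced by what the rpm actually configures).

```shell
#!/bin/sh
# Added example, not part of the WikiSuite/openfire project.
# Intended location: /etc/letsencrypt/renewal-hooks/deploy/openfire-hotdeploy.sh
# certbot runs deploy hooks only after a successful renewal, with
# RENEWED_LINEAGE pointing at /etc/letsencrypt/live/<name>.

# Placeholder values (assumptions): adjust to the real Openfire layout.
OPENFIRE_HOTDEPLOY="${OPENFIRE_HOTDEPLOY:-/var/lib/openfire/conf/security/hotdeploy}"
OPENFIRE_USER="${OPENFIRE_USER:-openfire}"

# deploy_lineage LINEAGE_DIR DEST_DIR OWNER
# Copies privkey.pem and fullchain.pem from a certbot lineage into DEST_DIR.
# The key is written 0600 and owned by the service account, so no other
# local user can read it; files are written under a temporary name and then
# renamed, so a watcher never sees a half-written certificate.
# Returns 1 (and touches nothing) if the lineage is incomplete.
deploy_lineage() {
    lineage="$1"
    dest="$2"
    owner="$3"

    [ -r "$lineage/privkey.pem" ] || { echo "missing privkey.pem in $lineage" >&2; return 1; }
    [ -r "$lineage/fullchain.pem" ] || { echo "missing fullchain.pem in $lineage" >&2; return 1; }

    mkdir -p "$dest"

    # cp dereferences the symlinks certbot keeps in live/, so the copies are real files.
    cp "$lineage/fullchain.pem" "$dest/.fullchain.pem.tmp"
    cp "$lineage/privkey.pem" "$dest/.privkey.pem.tmp"
    chmod 0644 "$dest/.fullchain.pem.tmp"
    chmod 0600 "$dest/.privkey.pem.tmp"

    # Only root can chown; when run as the service account itself this is unnecessary.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$dest/.privkey.pem.tmp" "$dest/.fullchain.pem.tmp"
    fi

    mv "$dest/.fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/.privkey.pem.tmp" "$dest/privkey.pem"
    echo "deployed renewed certificate for ${RENEWED_DOMAINS:-$(basename "$lineage")} to $dest"
    return 0
}

# When certbot invokes the hook RENEWED_LINEAGE is set; invoked by hand without it, do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_lineage "$RENEWED_LINEAGE" "$OPENFIRE_HOTDEPLOY" "$OPENFIRE_USER"
fi
```

The point of the temporary-name-then-rename step is that a hot-deploy watcher reacts to files appearing in the directory; renaming is atomic on the same filesystem, so the watcher never imports a truncated key. If the rpm instead follows the later suggestion in this thread and re-runs the form-save import code from the hook, the same hook skeleton applies with the copy replaced by that call.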

I just realized I don't even need any kind of flow control or access mangling. If one executes the same code as when the SSL certificate form is saved, the new certificate will be imported in the keystore, which bypasses the file permission issue (and the associated additional security issue).

Getting there! The Certificate Manager was refactored, but there are about a dozen tracker items that need to be reviewed.

@pcbaldwin Anything I can help with?

I'm still working on the tracker items. Thanks for asking.