|So as far as new filenames goes, I have been using https://github.com/Neilpang/acme.sh for awhile for other projects and it creates symlinks to the current cert, so this may be a more direct approach to dealing with this.|
* Michael Ströder <firstname.lastname@example.org
> [20190910 11:07]:
On 9/10/19 3:34 PM, Howard Chu wrote:
Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca> writes:
As the subject say, I'm contemplating the use of LetsEncrypt TLS certificates.
Is there a way to make slapd aware of a cert renewal (they happen every 90
days) without restarting it, ie, with minimal service interruption?
I *do* restart slapd after I installed the new Let's Encrypt
Use ldapmodify to set the new cert in cn=config. No restarts needed.
This requires to use new file names for cert and key files, doesn't it?
This is what I figure too!
Some LetsEncrypt pre- and post- hooks should do the trick though.
I'll see what I can come up with.
Thanks for the help, much appreciated!