So as far as new filenames goes, I have been using https://github.com/Neilpang/acme.sh for awhile for other projects and it creates symlinks to the current cert, so this may be a more direct approach to dealing with this.
* Michael Ströder < michael@stroeder.com> [20190910 11:07]: On 9/10/19 3:34 PM, Howard Chu wrote:
Olivier wrote:
Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca> writes:
As the subject say, I'm contemplating the use of LetsEncrypt TLS certificates.
Is there a way to make slapd aware of a cert renewal (they happen every 90
days) without restarting it, ie, with minimal service interruption?
I *do* restart slapd after I installed the new Let's Encrypt
certificate.
Use ldapmodify to set the new cert in cn=config. No restarts needed.
Nitpicking:
This requires to use new file names for cert and key files, doesn't it?
This is what I figure too! Some LetsEncrypt pre- and post- hooks should do the trick though. I'll see what I can come up with. Thanks for the help, much appreciated! jf
Ciao, Michael.
|