check_expired_certificates: automated certificate nenewal for letsencrypt
This change reduce maintenance effort by automating certificate renewal. When the NaviServer letsencrypt module is installed and configured, the background operation check_expired_certificates will automatically update the certificates when these expire soon (as defined by the "ExpireCertificateWarningPeriod" parameter of acs-admin). When a recent version of NaviServer is used that supports certificate refetch on SIGHUP, the new certificates are automatically updated without a server restart.
Prerequisites: - Recent version of letsencrypt NaviServer module installed (0.6) and configured - Recent version of NaviServer (currently Bitbucket tip) for automated certificate reloading
When the recent letsencrypt module is not installed, check_expired_certificates sends expiration warnings as usual. Therefore, it is also useful for sites using certificates from different sources.
This new functionality was used for latest certificate renewal on openacs.org.