• last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate

renewal. When the NaviServer letsencrypt module is installed and

configured, the background operation check_expired_certificates will

automatically update the certificates when these expire soon (as

defined by the "ExpireCertificateWarningPeriod" parameter of

acs-admin). When a recent version of NaviServer is used that supports

certificate refetch on SIGHUP, the new certificates are automatically

updated without a server restart.

Prerequisites:

- Recent version of letsencrypt NaviServer module installed (0.6)

and configured

- Recent version of NaviServer (currently Bitbucket tip) for automated

certificate reloading

When the recent letsencrypt module is not installed,

check_expired_certificates sends expiration warnings as usual.

Therefore, it is also useful for sites using certificates from

different sources.

This new functionality was used for latest certificate renewal on

openacs.org.

mark functions called only internally as private

  1. … 15 more files in changeset.
Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 58 more files in changeset.
Fix proc doc

Adapt acs_admin::check_expired_certificates to return whether some expired certificates exist, then use this to test the proc

  1. … 1 more file in changeset.
whitespace cleanup

new feature: warn host administrator about expiring certificates

    • -0
    • +88
    ./acs-admin-procs.tcl
  1. … 2 more files in changeset.