Fisheye: changeset oacs-5-10:gustafn:20210720091727

gustafn

committed

oacs-5-10:gustafn:20210720091727

on 20 Jul 21

check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate
r… Show more

check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate

renewal. When the NaviServer letsencrypt module is installed and

configured, the background operation check_expired_certificates will

automatically update the certificates when these expire soon (as

defined by the "ExpireCertificateWarningPeriod" parameter of

acs-admin). When a recent version of NaviServer is used that supports

certificate refetch on SIGHUP, the new certificates are automatically

updated without a server restart.

Prerequisites:

- Recent version of letsencrypt NaviServer module installed (0.6)

and configured

- Recent version of NaviServer (currently Bitbucket tip) for automated

certificate reloading

When the recent letsencrypt module is not installed,

check_expired_certificates sends expiration warnings as usual.

Therefore, it is also useful for sites using certificates from

different sources.

This new functionality was used for latest certificate renewal on

openacs.org.

Show less

oacs-5-10:gustafn:20210715131748

oacs-5-10

Options