gustafn
committed
on 20 Jul
check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate
r… Show more
check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate

renewal. When the NaviServer letsencrypt module is installed and

configured, the background operation check_expired_certificates will

automatically update the certificates when these expire soon (as

defined by the "ExpireCertificateWarningPeriod" parameter of

acs-admin).  When a recent version of NaviServer is used that supports

certificate refetch on SIGHUP, the new certificates are automatically

updated without a server restart.

Prerequisites:

- Recent version of letsencrypt NaviServer module installed (0.6)

 and configured

- Recent version of NaviServer (currently Bitbucket tip) for automated

 certificate reloading

When the recent letsencrypt module is not installed,

check_expired_certificates sends expiration warnings as usual.

Therefore, it is also useful for sites using certificates from

different sources.

This new functionality was used for latest certificate renewal on

openacs.org.

Show less