This repository has been archived by the owner on Oct 14, 2021. It is now read-only.

Hotdeploy of renewed LetsEncrypt certificates isn't handled #5

Open
benoitg opened this issue Apr 1, 2018 · 5 comments

Comments

@benoitg
Member

benoitg commented Apr 1, 2018

The hotdeploy code for LetsEncrypt certificates has been disabled in app-openfire: https://github.com/WikiSuite/app-openfire/blob/4f035df45d872a8127fcaf5c493894dddd370758/libraries/Openfire.php#L374, which makes sense since it would only run if an admin edits the form.

However, we need the rpm to set up a system so the certificates are copied to the hotdeploy directory when Let's Encrypt renews them, using hooks in /etc/letsencrypt/renewal-hooks/.
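
As an added illustration (not code from this thread or from the WikiSuite project), a Certbot deploy hook of the kind this issue asks for could look like the following. `RENEWED_LINEAGE` is set by Certbot for deploy hooks; `HOTDEPLOY_DIR`, `HOTDEPLOY_OWNER`, the placeholder path and the destination file names are assumptions.

```shell
#!/bin/sh
# Sketch of a Certbot deploy hook for /etc/letsencrypt/renewal-hooks/deploy/.
# Copies a renewed certificate and key into a hotdeploy directory without
# ever exposing the private key with loose permissions.
# Assumed (not from the issue): HOTDEPLOY_DIR, HOTDEPLOY_OWNER, file naming.

deploy_renewed_cert() {
    lineage=$1      # live directory of the renewed certificate
    dest=$2         # hotdeploy directory watched by the service
    owner=${3:-}    # optional user:group that must be able to read the files

    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || {
        echo "deploy hook: missing PEM files in $lineage" >&2
        return 1
    }
    [ -d "$dest" ] || { echo "deploy hook: $dest is not a directory" >&2; return 1; }

    name=$(basename "$lineage")
    (
        umask 077   # nothing created here is group- or world-readable
        for f in fullchain privkey; do
            # Temp file in the same directory so the final rename is atomic.
            tmp=$(mktemp "$dest/.${name}-${f}.XXXXXX") || exit 1
            cat "$lineage/$f.pem" > "$tmp" || { rm -f "$tmp"; exit 1; }
            chmod 600 "$tmp"
            if [ -n "$owner" ]; then
                chown "$owner" "$tmp" || { rm -f "$tmp"; exit 1; }
            fi
            mv -f "$tmp" "$dest/${name}-${f}.pem" || { rm -f "$tmp"; exit 1; }
        done
    )
}

# Certbot exports RENEWED_LINEAGE when it runs deploy hooks after a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_renewed_cert "$RENEWED_LINEAGE" \
        "${HOTDEPLOY_DIR:-/path/to/hotdeploy}" "${HOTDEPLOY_OWNER:-}"
fi
```

The service account needs read access to the copied key, which is the file-permission concern raised later in this thread; setting the owner explicitly keeps the key at mode 600 rather than widening it.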

@benoitg
Member Author

benoitg commented Apr 16, 2018

I just realized I don't even need any kind of flow control or access mangling. If one executes the same code as when the SSL certificate form is saved, the new certificate will be imported in the keystore, which bypasses the file permission issue (and the associated additional security issue).

@marclaporte
Member

Some progress on Let's Encrypt:
WikiSuite/app-lets-encrypt@04919fa
WikiSuite/app-lets-encrypt@764d0e8

@pcbaldwin
Contributor

Getting there! The Certificate Manager was refactored, but there are about a dozen tracker items that need to be reviewed.

@benoitg
Member Author

benoitg commented Oct 29, 2018

@pcbaldwin Anything I can help with?

@pcbaldwin
Contributor

I'm still working on the tracker items. Thanks for asking.
