[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd and LetsEncrypt certificates: does a cert renewal necessitate a server restart?

* Michael Ströder <michael@stroeder.com> [20190910 11:07]:
> On 9/10/19 3:34 PM, Howard Chu wrote:
> >Olivier wrote:
> >>Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca> writes:
> >>
> >>>As the subject say, I'm contemplating the use of LetsEncrypt TLS certificates.
> >>>Is there a way to make slapd aware of a cert renewal (they happen every 90
> >>>days) without restarting it, ie, with minimal service interruption?
> >>
> >>I *do* restart slapd after I installed the new Let's Encrypt
> >>certificate.
> >
> >Use ldapmodify to set the new cert in cn=config. No restarts needed.
> Nitpicking:
> This requires to use new file names for cert and key files, doesn't it?

This is what I figure too! 
Some LetsEncrypt pre- and post- hooks should do the trick though.
I'll see what I can come up with.

Thanks for the help, much appreciated!

> Ciao, Michael.