[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#50872: Prosody service + letsencrypt certs improvements
From: |
Christine Lemmer-Webber |
Subject: |
bug#50872: Prosody service + letsencrypt certs improvements |
Date: |
Tue, 28 Sep 2021 13:01:31 -0400 |
User-agent: |
mu4e 1.6.6; emacs 27.2 |
I finally got prosody working on my server using Guix. However, the
manual says:
Prosodyctl will also help you to import certificates from the
‘letsencrypt’ directory so that the ‘prosody’ user can access them. See
<https://prosody.im/doc/letsencrypt>.
prosodyctl --root cert import /etc/letsencrypt/live
However, what prosody actually does with this command is that it copies
the files from letsencrypt *over to* its own directory (but then also
restarts prosody... in theory). According to the docs:
This command can be put in cron or passed as a callback to automated
certificate renewal programs such as certbot or other Let's Encrypt
clients. For more information on using Prosody with these, see our
Let's Encrypt page.
Hm, in other words we really ought to run this attached to some hook
related to the letsencrypt services... when they renew successfully, it
should trigger this command, I'd think. We do similar things for nginx,
etc...
Thoughts? Does this seem right?
- Christine
- bug#50872: Prosody service + letsencrypt certs improvements,
Christine Lemmer-Webber <=