bug-guix

bug#50872: Prosody service + letsencrypt certs improvements


From: Christine Lemmer-Webber
Subject: bug#50872: Prosody service + letsencrypt certs improvements
Date: Wed, 29 Sep 2021 19:43:29 -0400
User-agent: mu4e 1.6.6; emacs 27.2

Carlo Zancanaro <carlo@zancanaro.id.au> writes:

> Hi Christine,
>
> On Tue, Sep 28 2021, Christine Lemmer-Webber wrote:
>> Hm, in other words we really ought to run this attached to some hook
>> related to the letsencrypt services... when they renew successfully,
>> it should trigger this command, I'd think.  We do similar things for
>> nginx, etc...
>
> I'm pretty sure Guix doesn't do anything automatic when certificates
> are renewed. For nginx there's an example in the manual for how to set
> up a deploy hook to reload the certificates[1], so I expect that
> you'll have to set up something similar.

You're right... not sure why I thought it did.

> My prosody setup has this deploy hook:
>
>    (program-file
>     "reload-certificates"
>     #~(let ((prosodyctl (string-append
>                          #$(specification->package "prosody")
>                          "/bin/prosodyctl")))
>         (system* prosodyctl "--root" "cert" "import"
>                  "/etc/letsencrypt/live")
>         (system* prosodyctl "reload")))
>
> but I have recently had some trouble with it (prosody hasn't been
> reloading the certificate properly). I don't think my issue is 
> related to this deploy hook, though.

That seems great.  I'll give it a try.

Since this isn't significantly different from other services then (well,
excepting that prosody needs to not just reload but have the import
command run again... but you've provided what looks like a good solution
above) I'm going to close this.

> I hope that helps!

It does, thanks!

> Carlo
>
> [1]:
> https://guix.gnu.org/en/manual/en/html_node/Certificate-Services.html





