check_expired_certificates: automated certificate nenewal for letsencrypt
This change reduce maintenance effort by automating certificate renewal. When the NaviServer letsencrypt module is installed and configured, the background operation check_expired_certificates will automatically update the certificates when these expire soon (as defined by the "ExpireCertificateWarningPeriod" parameter of acs-admin). When a recent version of NaviServer is used that supports certificate refetch on SIGHUP, the new certificates are automatically updated without a server restart.
Prerequisites: - Recent version of letsencrypt NaviServer module installed (0.6) and configured - Recent version of NaviServer (currently Bitbucket tip) for automated certificate reloading
When the recent letsencrypt module is not installed, check_expired_certificates sends expiration warnings as usual. Therefore, it is also useful for sites using certificates from different sources.
This new functionality was used for latest certificate renewal on openacs.org.
Loading ...