Hi Christine,

On Tue, Sep 28 2021, Christine Lemmer-Webber wrote:
> Hm, in other words we really ought to run this attached to some hook related to the letsencrypt services... when they renew successfully, it should trigger this command, I'd think. We do similar things for nginx, etc...

I'm pretty sure Guix doesn't do anything automatic when certificates are renewed. For nginx there's an example in the manual for how to set up a deploy hook to reload the certificates[1], so I expect that you'll have to set up something similar.

My prosody setup has this deploy hook:

   (program-file
    "reload-certificates"
    #~(let ((prosodyctl (string-append #$(specification->package "prosody")
                                       "/bin/prosodyctl")))
        ;; Import the renewed certificates from certbot's live directory.
        (system* prosodyctl "--root" "cert" "import" "/etc/letsencrypt/live")
        ;; Ask the running prosody to reload.
        (system* prosodyctl "reload")))

but I have recently had some trouble with it (prosody hasn't been reloading the certificate properly). I don't think my issue is related to this deploy hook, though.

I hope that helps!

Carlo

[1]: https://guix.gnu.org/en/manual/en/html_node/Certificate-Services.html
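
An added example, not part of the message above or of the Guix manual: one way such a hook could be attached to a certificate through the `deploy-hook` field of `certificate-configuration`, with the exit status of each `prosodyctl` call checked so that a failed import or reload makes the hook exit non-zero. The domain, e-mail address and the name `%prosody-deploy-hook` are placeholders.

```scheme
;; Added example; example.org, admin@example.org and %prosody-deploy-hook
;; are placeholder names, not values from the original message.
(use-modules (gnu) (guix gexp) (gnu services certbot))

(define %prosody-deploy-hook
  (program-file
   "prosody-deploy-hook"
   #~(let ((prosodyctl (string-append #$(specification->package "prosody")
                                      "/bin/prosodyctl")))
       ;; system* returns the command's wait status; zero means success.
       ;; Stop here if the import failed, so prosody is not reloaded
       ;; against certificates that were never copied.
       (unless (zero? (system* prosodyctl "--root" "cert" "import"
                               "/etc/letsencrypt/live"))
         (exit 1))
       ;; Make the hook's own exit status reflect whether the reload worked.
       (exit (if (zero? (system* prosodyctl "reload")) 0 1)))))

;; This form belongs in the `services' field of an operating-system
;; declaration; it is shown on its own for brevity.
(service certbot-service-type
         (certbot-configuration
          (email "admin@example.org")
          (certificates
           (list
            (certificate-configuration
             (domains '("example.org"))
             (deploy-hook %prosody-deploy-hook))))))
```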


