> On 31 Jul 2023, at 21:23, Ian Pilcher wrote:
>
> I have created a service (along with an associated timer) that checks the
> remaining life of a TLS certificate and retrieves an updated certificate
> from Let's Encrypt if the remaining life is too short.
Certbot already knows how to do this.
On 7/31/23 17:18, Nils Kattenbeck wrote:
Huh, I am actually surprised to discover that httpd does not watch these
files itself.
To be honest, I never even considered the possibility that it might do
that. Unfortunately, testing reveals that it doesn't do so.
Regardless, I think the systemd
1. decide on a global path like `/run/http/restart'
2. give your LE script access to write there
3. use a `.path' unit to trigger on the file above being created and trigger
a one-liner that, running as root, restarts apache and deletes the file again
This way your “run as root” is limited to
That's how I do it. Path units are a good solution here as they maintain loose
coupling between the cert management and consumption.
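
The three steps above as systemd units, in an added example that is not part of the original thread. The unit names, the `certuser` account, the `/usr/local/bin/renew-cert` script, the `/usr/bin` binary paths and `httpd.service` are assumptions; only `/run/http/restart` comes from the messages.

```ini
# /etc/systemd/system/cert-renew.service
# (assumed name: the existing non-root renewal job, started by its timer)
[Unit]
Description=Check TLS certificate lifetime and renew if needed

[Service]
Type=oneshot
User=certuser
# Creates /run/http owned by certuser, so the job can write the flag file
# without any other privilege. Preserve=yes keeps the directory and the
# flag after this oneshot service exits.
RuntimeDirectory=http
RuntimeDirectoryPreserve=yes
# Assumed script: it touches /run/http/restart only after a new
# certificate has actually been installed.
ExecStart=/usr/local/bin/renew-cert

# /etc/systemd/system/httpd-restart.path
[Unit]
Description=Watch for the certificate-renewed flag

[Path]
# Activates the service below whenever the flag file exists.
PathExists=/run/http/restart
Unit=httpd-restart.service

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/httpd-restart.service
# (runs as root; the flag's content is never read, only its existence matters)
[Unit]
Description=Reload or restart httpd after certificate renewal

[Service]
Type=oneshot
# Remove the flag first: a failed reload then cannot re-trigger this unit
# in a loop, and a flag written during the reload causes one more run.
# rm unlinks the name itself, so a symlink planted by certuser is not followed.
ExecStart=/usr/bin/rm -f /run/http/restart
ExecStart=/usr/bin/systemctl try-reload-or-restart httpd.service
```

Only the `.path` unit needs enabling (`systemctl enable --now httpd-restart.path`); the most the unprivileged account can do with its write access is cause an httpd reload.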
On Mon, Jul 31, 2023, at 16:56, Max Gautier wrote:
> On Mon, Jul 31, 2023 at 03:23:26PM -0500, Ian Pilcher wrote:
>> I have created a service (along with an
On Mon, Jul 31, 2023 at 03:23:26PM -0500, Ian Pilcher wrote:
> I have created a service (along with an associated timer) that checks the
> remaining life of a TLS certificate and retrieves an updated certificate
> from Let's Encrypt if the remaining life is too short.
Is the updated certificate
What is the recommended way for a service that runs as a non-root user
to *conditionally* restart (or reload) another service?
I have created a service (along with an associated timer) that checks the
remaining life of a TLS certificate and retrieves an updated certificate
from Let's Encrypt if