ClearOS Bug Tracker


View Revisions: Issue #22551
Summary 0022551: Hook to renew Let's Encrypt certificates not working
Revision 2018-12-12 09:18 by NickH
Description It looks like clearglass-community initialises itself taking a snapshot of the current Let's Encrypt certificate and key and places them in /var/lib/clearglass/config/ssl/certs. Unfortunately, when Let's Encrypt renews its certificates the new ones are not picked up by clearglass-community and the certificates eventually expire.

I did try configuring /var/lib/clearglass/config/ssl/nginx_certs.conf with paths to the Let's Encrypt live certificates, but nginx cannot read them (chrooted environment or not able to follow symlinks possibly).

I've found a hook: /var/clearos/certificate_manager/state/clearglass.conf but it does not look like it is working.
Revision 2018-12-12 07:02 by NickH
Description It looks like clearglass-community initialises itself taking a snapshot of the current Let's Encrypt certificate and key and places them in /var/lib/clearglass/config/ssl/certs. Unfortunately, when Let's Encrypt renews its certificates the new ones are not picked up by clearglass-community and the certificates eventually expire.

A hook is needed for when the certificates are renewed, when the new certificates need to be copied to /var/lib/clearglass/config/ssl/certs and, presumably, the docker/nginx container needs restarting.

I did try configuring /var/lib/clearglass/config/ssl/nginx_certs.conf with paths to the Let's Encrypt live certificates, but nginx cannot read them (chrooted environment or not able to follow symlinks possibly).
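
A sketch of the renewal hook the 07:02 revision asks for, added here as an example; it is not code from ClearOS or clearglass-community. It assumes certbot's `fullchain.pem`/`privkey.pem` names on both sides and takes the restart command as an argument, since the container name is not given in the report. Copying with `cp -L` sidesteps the symlink problem noted above by placing regular files in the directory the container reads.

```shell
#!/bin/sh
# Added example, not ClearOS code. File names are an assumption (certbot's).

# sync_cert SRC DEST: copy changed PEM files from SRC into DEST.
# Returns 0 if anything was updated, 1 if DEST was current, 2 on error.
sync_cert() {
    src=$1; dest=$2; changed=1
    for f in fullchain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "cannot read $src/$f" >&2; return 2; }
        # cmp follows symlinks, so this compares the renewed content itself.
        cmp -s "$src/$f" "$dest/$f" && continue
        case $f in privkey*) mode=600 ;; *) mode=644 ;; esac
        # mktemp creates the file 0600, so the key is never world-readable.
        tmp=$(mktemp "$dest/.$f.XXXXXX") || return 2
        # cp -L writes a regular file, not a symlink; mv swaps it in atomically.
        if cp -L "$src/$f" "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest/$f"; then
            changed=0
        else
            rm -f "$tmp"; return 2
        fi
    done
    return "$changed"
}

# run_hook SRC DEST CMD...: run CMD (the restart) only when files changed.
run_hook() {
    rc=0
    sync_cert "$1" "$2" || rc=$?
    shift 2
    case $rc in
        0) "$@" ;;
        1) return 0 ;;
        *) return "$rc" ;;
    esac
}

# Usage (source path and container name are placeholders, not from the report):
# run_hook /etc/letsencrypt/live/<domain> /var/lib/clearglass/config/ssl/certs \
#     docker restart <nginx-container>
```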