WikiSuite / openfire

Moved to
https://gitlab.com/wikisuite/openfire

Hotdeploy of renewed LetsEncrypt certificates isn't handled #5

Open benoitg opened 6 years ago

benoitg commented 6 years ago

The hotdeploy code for LetsEncrypt certificates has been disabled in app-openfire: https://github.com/WikiSuite/app-openfire/blob/4f035df45d872a8127fcaf5c493894dddd370758/libraries/Openfire.php#L374, which makes sense since it would only run if an admin edits the form.

However, we need the rpm to set up a system so the certificates are copied to the hotdeploy directory when Let's Encrypt renews them, using hooks in /etc/letsencrypt/renewal-hooks/

benoitg commented 6 years ago

I just realized I don't even need any kind of flow control or access mangling. If one executes the same code as when the SSL certificate form is saved, the new certificate will be imported in the keystore, which bypasses the file permission issue (and the associated additional security issue).

marclaporte commented 6 years ago

Some progress on Let's Encrypt: https://github.com/WikiSuite/app-lets-encrypt/commit/04919faaea4c5019728533e30f4ccbc44459f1ad https://github.com/WikiSuite/app-lets-encrypt/commit/764d0e8c54391bc33b3412480fce6e1d78766ca6

pcbaldwin commented 6 years ago

Getting there! The Certificate Manager was refactored, but there are about a dozen tracker items that need to be reviewed.

benoitg commented 6 years ago

@pcbaldwin Anything I can help with?

pcbaldwin commented 6 years ago

I'm still working on the tracker items. Thanks for asking.