Open atol71 opened 2 years ago
Hi,
One can use a Letsencrypt deploy script for this:
```bash
#!/bin/bash
# Certbot deploy hook: certbot sets RENEWED_DOMAINS and RENEWED_LINEAGE.
echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"

if grep --quiet "<ipa_host_fqdn>" <<< "$RENEWED_DOMAINS"; then
    cp "$RENEWED_LINEAGE/cert.pem" "/<path_to_ipa_accessable_folde>/cert.pem"
    cp "$RENEWED_LINEAGE/privkey.pem" "/<path_to_ipa_accessable_folde>/privkey.pem"

    # Inside docker, run a script to update the certs for ipa
    # (no -it: a renewal hook has no TTY attached):
    docker exec freeipa-serv /data/scripts/installCertsforHttp.sh
    # If not in docker, restart ipa with:
    # ipactl restart

    echo "ipa certs updated and ipa restarted"
fi
```
If docker then (installCertsforHttp.sh):
```bash
#!/bin/bash
# -w installs the pair for the web server, -d for the directory server.
ipa-server-certinstall -w -d \
    "/<path_to_docker_inside_folder>/privkey.pem" \
    "/<path_to_docker_inside_folder>/cert.pem" \
    --pin='' --dirman-password='<pwd_to_prevent_query>'
ipactl restart
```
And this way letsencrypt certmonger do the work for renewal when needed.
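An added example, not part of the original post: the same hook with two checks a deploy hook for a private key benefits from. `RENEWED_DOMAINS` is a space-separated list, so the host name is compared as a whole entry rather than as a grep pattern, and the key is staged with mode 0600 even when an older, more permissive copy already exists. `IPA_FQDN`, `DEST` and both function names are assumptions; the container name and script path are the ones from the post.

```shell
#!/bin/bash
# Added example. IPA_FQDN and DEST are assumed values; adjust to your host.
IPA_FQDN=${IPA_FQDN:-ipa.example.com}
DEST=${DEST:-/srv/ipa-certs}

# Return 0 only if $1 is exactly one of the space-separated names in $2.
# A grep pattern would also match "xipa.example.com" or "ipaXexample.com".
domain_renewed() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# Copy cert.pem and privkey.pem from lineage dir $1 into $2.
# The key is written to a fresh file under umask 077 and then renamed,
# so it ends up 0600 regardless of the mode of any previous copy.
stage_pair() {
    [ -s "$1/cert.pem" ] && [ -s "$1/privkey.pem" ] || return 1
    (
        umask 077
        rm -f "$2/privkey.pem.new"
        cp "$1/privkey.pem" "$2/privkey.pem.new" &&
        mv -f "$2/privkey.pem.new" "$2/privkey.pem"
    ) || return 1
    cp "$1/cert.pem" "$2/cert.pem"
}

# Certbot sets both variables when it runs the hook; do nothing otherwise.
if domain_renewed "$IPA_FQDN" "${RENEWED_DOMAINS:-}"; then
    if stage_pair "$RENEWED_LINEAGE" "$DEST"; then
        docker exec freeipa-serv /data/scripts/installCertsforHttp.sh
    else
        echo "staging failed, IPA certificates left unchanged" >&2
        exit 1
    fi
fi
```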