Closed ThallesP closed 4 months ago
I think the variable would be best move, I get that they need SSL to have an expiration.. same reason you want to update passwords pretty regularly.
I think the variable would be best move, I get that they need SSL to have an expiration.. same reason you want to update passwords pretty regularly.
I stay on the side of auto-renewing the SSL certificate, am I missing something here? Is there any downsides?
Actually yeah the auto-renew makes sense i guess i'm a bit of a control freak when it comes to swapping out old for new
With the added logic in PR #15 the template will automatically renew a certificate if it has or will expire within 30 days upon restart.
Once the new images are published you would need to redeploy once to get the new logic and after that a restart is sufficent.
Makes sense to have a SSL certificate with expiration date? can't the template just handle the SSL renew automatically?
I don't like the feeling that my applications will break in the future just because of a SSL certificate.
And it's possible to reload SSL certificates without server restart: https://stackoverflow.com/questions/21984553/postgresql-reload-ssl-conf-files-without-restart but couldn't find on how to do that, maybe just replacing the certificate Postgres will start to use the new?
If for some reason we can't do that, at least an option (enviroment variable?) to renew the certificate would be nice, because today we would need to a find way to browse the volume, delete the certificates and attach to the postgres app again.