TLS certificates/events

v7

(Dan) #1

NethServer Version: 7.4
Module: base

I have a Nethserver installation behind a firewall that won’t allow inbound HTTP connections, so the built-in Let’s Encrypt support won’t work. I’m still wanting to obtain a Let’s Encrypt cert, but I’ll do it using acme.sh and DNS validation–that much is easy enough. That leaves two questions, though:

  • Is there a preferred place for the cert/chain/key to be saved? I assume these can be set with db properties, but some locations would be better than others, no doubt.
  • What event reconfigures whatever services are using a TLS cert, to use a new one?

(Giacomo Sanchietti) #2

Of course:

  • certificates: `/etc/pki/tls/certs/`
  • private keys: `/etc/pki/tls/private`

But you can always use the web interface to upload the certificate as a custom one :slight_smile:

Execute:

`signal-event certificate-update`

(See also http://docs.nethserver.org/projects/nethserver-devel/en/v7/events.html#standard-events-and-their-arguments)


(Dan) #3

Sure, but I can’t automate that. And looks like the relevant config entries are under the pki key in the config database. Looks straightforward enough.
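
An added example, not part of the thread and not NethServer or acme.sh code: a deploy script that installs renewed files into the directories named in post #2 and then runs `signal-event certificate-update`. The `CrtFile`/`KeyFile`/`ChainFile` property names under `pki`, the destination file names, and the `PKI_ROOT`/`NS_CONFIG`/`NS_SIGNAL` override variables are assumptions.

```shell
#!/bin/sh
# Added example (not NethServer or acme.sh project code).
PKI_ROOT="${PKI_ROOT:-/etc/pki/tls}"     # certs/ and private/, as in the thread
NS_CONFIG="${NS_CONFIG:-config}"         # NethServer config db CLI
NS_SIGNAL="${NS_SIGNAL:-signal-event}"   # NethServer event trigger

# install_file SRC DEST MODE
# Returns 0 = replaced, 1 = already identical, 2 = error.
install_file() {
    src=$1 dest=$2 mode=$3
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 2; }
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then return 1; fi
    # Temp file in the target directory: mktemp creates it 0600, and the
    # rename is atomic, so services never read a half-written key.
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"; return 2
}

# put SRC DEST MODE: record a change, succeed on "identical", fail on error.
put() { install_file "$@" && changed=1 || [ $? -eq 1 ]; }

# deploy_cert NAME CERT KEY CHAIN
# Returns 0 = deployed and event fired, 1 = nothing changed, 2 = error.
deploy_cert() {
    name=$1 changed=0
    crt="$PKI_ROOT/certs/$name.crt"
    key="$PKI_ROOT/private/$name.key"
    chain="$PKI_ROOT/certs/$name-chain.crt"
    put "$3" "$key" 600   || return 2   # private key: owner-only
    put "$2" "$crt" 644   || return 2
    put "$4" "$chain" 644 || return 2
    [ "$changed" -eq 1 ] || return 1    # skip the service reload on a no-op
    # Assumption: pki property names CrtFile/KeyFile/ChainFile (not in thread).
    "$NS_CONFIG" setprop pki CrtFile "$crt" KeyFile "$key" ChainFile "$chain" \
        || return 2
    "$NS_SIGNAL" certificate-update
}

# Stand-alone use: sh deploy.sh NAME CERT KEY CHAIN
if [ $# -eq 4 ]; then deploy_cert "$@"; fi
```

Exit status 1 means the files on disk already matched, so a renewal job can treat it as success without reloading services.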