Correct operation of client for certificates

Discussion in 'Server Operation' started by Juan Cubillo, Feb 14, 2023.

  1. Juan Cubillo

    Juan Cubillo New Member

    Hello everyone,
    I have a few public servers with correctly installed SSL certificates.
    However every time the client renews the certificates , I have to manually ssh into the servers, copy/paste the new cert contents to the specified Apache or Nginx paths, and reload the service.
    I recently came across the --install-cert flag and have been using it to move the certificate contents in an easier way... but still this has to be done manually SSHing into the server and running the command> --install-cert -d --cert-file /etc/pki/tls/certs/ --key-file /etc/pki/tls/private/ --fullchain-file /etc/pki/tls/certs/fullchain.cer --reloadcmd "systemctl restart httpd"​
    Is there any way to properly automate this? The certs are correctly being renewed every 2 months, but they are not being installed after renewal. What am I missing to completely forget about the certificates and let them renew & install themselves?
    Should I use the above line as a post-renewal hook maybe?
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Although I have not used, with certbot it works. Like you wrote, the pre- and post-hooks can run the needed code to set up the new certificates, and stop and start the services. A service continues to use the old certificate until it is restarted or otherwise forced to reload certificate.
    ahrasis likes this.

Share This Page