Commit 85576b09 authored by pedrolab

slapd: weekly force-reload le certs

parent 64446ce6
......@@ -330,15 +330,16 @@ olcPasswordHash: {SSHA512}
*Use a guide to install letsencrypt certificates before continuing this guide*
Originally our Certs are stored in `/etc/letsencrypt/live/example.com` as symlinks but slapd needs a path to the files. Hence, at a cron.daily job that copy and dereference the link. Create a directory for it, for example:
Originally our certs are stored in `/etc/letsencrypt/live/example.com` as symlinks but slapd needs a path to the files. Hence, you have to run jobs periodically.
Start creating a directory to place the dereferenced certificatest, for example here:
mkdir -p /etc/slapd/tls
Edit `/etc/cron.daily/letsencrypt_dereference_certs`
Use a cron.daily job to copy and dereference the links. Edit `/etc/cron.daily/letsencrypt_dereference_certs`
```
#!/bin/bash
/bin/cp -rpL /etc/letsencrypt/live/xrcb.cat/* /etc/slapd/tls/
```
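Review bot: The cron.daily script copies from `/etc/letsencrypt/live/xrcb.cat/*` while the text just above it uses `/etc/letsencrypt/live/example.com`, so a reader who follows the guide literally copies from a path that does not exist on their host; use the same placeholder domain in both places. Because `cp -rpL` dereferences and copies everything in that directory, the private key lands in `/etc/slapd/tls` as well, and the `mkdir -p /etc/slapd/tls` step should state the owner and mode that directory needs so the key is readable only by the account slapd runs as. "certificatest" in the new sentence is a typo.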
......@@ -346,6 +347,14 @@ add executable permissions
chmod +x /etc/cron.daily/letsencrypt_dereference_certs
Use a cron.weekly job to reload certificates on ldap server slapd. Edit `/etc/cron.weekly/slapd_letsencrypt_reload`
```
#!/bin/bash
/usr/sbin/service slapd force-reload
```
chmod +x /etc/cron.weekly/slapd_letsencrypt_reload
Modify `cn=config` to include certificate configuration
Edit `/etc/ldap/ldif/tls.ldif`
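Review bot: The weekly `/usr/sbin/service slapd force-reload` in `/etc/cron.weekly/slapd_letsencrypt_reload` is decoupled from the daily copy job, so slapd can keep serving the previous certificate for up to a week after the files in `/etc/slapd/tls` change, and it is reloaded every week even when nothing changed. Consider running the reload at the end of the daily copy script, only when the copied files differ from what is already in place, or from a certbot deploy hook so it runs right after a renewal. The second `chmod +x` line also has no introductory sentence, unlike the "add executable permissions" line that precedes the first one.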
......