* Michael Ströder <[email protected]> [20190910 11:07]: > On 9/10/19 3:34 PM, Howard Chu wrote: > >Olivier wrote: > >>Jean-Francois Malouin <[email protected]> writes: > >> > >>>As the subject say, I'm contemplating the use of LetsEncrypt TLS > >>>certificates. > >>>Is there a way to make slapd aware of a cert renewal (they happen every 90 > >>>days) without restarting it, ie, with minimal service interruption? > >> > >>I *do* restart slapd after I installed the new Let's Encrypt > >>certificate. > > > >Use ldapmodify to set the new cert in cn=config. No restarts needed. > > Nitpicking: > This requires to use new file names for cert and key files, doesn't it?
This is what I figure too! Some LetsEncrypt pre- and post- hooks should do the trick though. I'll see what I can come up with. Thanks for the help, much appreciated! jf > > Ciao, Michael. >
