So as far as new filenames goes, I have been using https://github.com/Neilpang/acme.sh <https://github.com/Neilpang/acme.sh> for awhile for other projects and it creates symlinks to the current cert, so this may be a more direct approach to dealing with this.
> On Sep 10, 2019, at 8:15 AM, Jean-Francois Malouin > <[email protected]> wrote: > > * Michael Ströder <[email protected]> [20190910 11:07]: >> On 9/10/19 3:34 PM, Howard Chu wrote: >>> Olivier wrote: >>>> Jean-Francois Malouin <[email protected]> writes: >>>> >>>>> As the subject say, I'm contemplating the use of LetsEncrypt TLS >>>>> certificates. >>>>> Is there a way to make slapd aware of a cert renewal (they happen every 90 >>>>> days) without restarting it, ie, with minimal service interruption? >>>> >>>> I *do* restart slapd after I installed the new Let's Encrypt >>>> certificate. >>> >>> Use ldapmodify to set the new cert in cn=config. No restarts needed. >> >> Nitpicking: >> This requires to use new file names for cert and key files, doesn't it? > > This is what I figure too! > Some LetsEncrypt pre- and post- hooks should do the trick though. > I'll see what I can come up with. > > Thanks for the help, much appreciated! > jf > >> >> Ciao, Michael. >> >
