Let's Encrypt "Automations" Documentation
hockey6611:
Is there a Let's Encrypt Acme page in the documentation site (docs.opnsense.org)? I have been unable to find it. I am wondering if there is an example of "automations" as indicated under the Edit Certificate page. I assume a command to restart webgui and/or haproxy would go here. Any help would be appreciated!
fraenki:
Unfortunately no, there is currently no documentation for LE Automations. (I suck at documentation.)
--- Quote from: hockey6611 on April 24, 2019, 06:56:28 am ---I assume a command to restart webgui and/or haproxy would go here. Any help would be appreciated!
--- End quote ---
What exactly do you want to achieve? What's your goal? :)
For example, if you want to automatically restart OPNsense's WebGUI when a certificate is renewed, then this is just a two-step task:
1. create an Automation as shown in the 1st attached image
2. add the Automation to your certificate as shown in the 2nd attached image
Regards
- Frank
cab878:
Hi Fraenki, first time posting here on the OPNsense forum. I am also looking for guidance on the Let's Encrypt Automation feature. I have successfully used the pre-defined options and uploaded my cert to my internal server.
However, I would like to know if it's possible to "fully" automate an external host via triggering a script or a simple service reload.
Currently, one of my home lab servers, running Proxmox VE, requires placing and naming the generated certs in a specific location and triggering a systemctl restart pveproxy to apply the new cert.
I would also like to know if it's possible to add my script to the system command list. I attached a pic for reference.
fraenki:
--- Quote from: cab878 on April 11, 2020, 10:21:22 pm ---Hi Fraenki, first time posting here on the OPNsense forum. I am also looking for guidance on Let's Encrypt Automation feature. I
--- End quote ---
Welcome! Please post new questions on new threads. Thanks.
--- Quote from: cab878 on April 11, 2020, 10:21:22 pm ---However, I would like to know if it's possible to "fully" automate an external host via triggering a script or a simple service reload.
Currently, one of my home lab servers, running Proxmox VE, requires placing and naming the generated certs in a specific location and triggering a systemctl restart pveproxy to apply the new cert.
--- End quote ---
The plugin does not support remote commands. You could work around this on your target host, for example by running something like this as a cronjob every hour or so:
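--- Code: ---# diff exits 0 when the files are identical, so act only when they differ
if ! diff /etc/ssl/old_cert.pem /etc/ssl/new_cert.pem >/dev/null 2>&1; then
    # restart only if the reference copy was updated successfully
    cp /etc/ssl/new_cert.pem /etc/ssl/old_cert.pem &&
        systemctl restart myservice
fi
--- End code ---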
The idea is simple: store a copy of the cert ("old_cert") in order to be able to know when it was changed. If a change is detected, restart the service as required. This could also be adopted for configuration management systems like Puppet or Chef.
Regards
- Frank
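A fuller version of the cron check described in the post above, as an added example that is not part of the original thread or the plugin's code. The paths and service name are the placeholders from the post; the RELOAD_CMD variable, the `--run` switch and the function names are assumptions of this example, and the PEM check is structural only (it does not verify the certificate).

```shell
#!/bin/sh
# Hourly cron check on the target host: deploy the uploaded certificate only
# when it is complete and differs from the copy the service is using.
NEW_CERT="${NEW_CERT:-/etc/ssl/new_cert.pem}"     # file uploaded from OPNsense
LIVE_CERT="${LIVE_CERT:-/etc/ssl/old_cert.pem}"   # copy the service reads
RELOAD_CMD="${RELOAD_CMD:-systemctl restart myservice}"

# Structural check: non-empty, first line is a BEGIN marker and the last
# non-blank line is an END marker. A partially uploaded file fails it.
pem_complete() {
    [ -s "$1" ] || return 1
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----' || return 1
    awk 'NF { last = $0 } END { print last }' "$1" |
        grep -q '^-----END CERTIFICATE-----'
}

# Returns 0 = deployed and reloaded, 1 = unchanged, 2 = rejected or failed.
deploy_if_changed() {
    pem_complete "$NEW_CERT" || return 2
    # cmp -s exits 0 only when both files exist and are byte-identical.
    cmp -s "$NEW_CERT" "$LIVE_CERT" && return 1
    tmp="$LIVE_CERT.tmp.$$"
    # Copy next to the live file, then rename, so the service never reads a
    # half-written certificate.
    cp "$NEW_CERT" "$tmp" && mv "$tmp" "$LIVE_CERT" || { rm -f "$tmp"; return 2; }
    # Restart only after the new file is in place.
    $RELOAD_CMD || return 2
    return 0
}

# Cron entry point (hypothetical switch of this example script).
if [ "${1:-}" = "--run" ]; then
    deploy_if_changed
    exit $?
fi
```

Exit status 2 from the cron job means the uploaded file was rejected or the install or restart failed, which is worth alerting on.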