Question
hk@
Hi,
currently we use the froxlor-server-hostname generated Let's Encrypt certificate also for services like proftpd, postfix and dovecot.
Additionally we check for refreshed certs and if new certs arrive we reload those services so they take up the new cert before the old one expires.
Now the froxlor:config-services option using froxlor-cli is a great tool to get things fixed up - especially after major updates on the system-level.
Yet it creates a default-set for its certificates like ssl-cert-snakeoil.pem for postfix+dovecot and its very own proftp-cert.
For postfix+dovecot we might work around this by using symlinks from snakeoil to the /etc/ssl/froxlor-custom/<server-hostname.crt> but proftp doesn't give us this easy way out.
So basically my question would be: How about a switch for the config-services script to keep current tls/ssl settings but replace the other config parts?
Or a way to specify one's own certificate-files for some/all services?
I believe this would make life a lot easier when going for new Ubuntu/Debian releases that basically require to re-create (or re-check) a lot of configs for froxlor.
thx
hk
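Added example, not part of the original post and not froxlor's own code: one way to implement the "check for refreshed certs, then reload the services" step the post describes, by comparing the certificate file's SHA-256 digest with the last recorded one. The certificate file name, the state path and the systemd unit names are assumptions.

```shell
#!/bin/sh
# Added example: reload TLS-using daemons only when the certificate file changes.
# Assumed/placeholder values: CERT file name, STATE path, systemd unit names.
CERT="${CERT:-/etc/ssl/froxlor-custom/server-hostname.crt}"
STATE="${STATE:-/var/lib/cert-reload/last.sha256}"
SERVICES="${SERVICES:-postfix dovecot proftpd}"

cert_digest() { sha256sum "$1" | cut -d' ' -f1; }

# 0 = differs from recorded digest (or none recorded), 1 = unchanged,
# 2 = certificate missing, empty or unreadable (never reload onto a broken file).
cert_changed() {
    [ -s "$1" ] || return 2
    new=$(cert_digest "$1"); [ -n "$new" ] || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Write the digest via a temp file so an interrupted run leaves no partial state.
record_digest() {
    mkdir -p "$(dirname "$2")" && cert_digest "$1" > "$2.tmp" && mv "$2.tmp" "$2"
}

reload_services() {
    rc_reload=0
    for svc in $SERVICES; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "would reload $svc"
        else
            systemctl reload-or-restart "$svc" || rc_reload=1
        fi
    done
    return "$rc_reload"
}

# Record the new digest only after every reload succeeded, so a failed
# reload is retried on the next run instead of being silently skipped.
check_and_reload() {
    rc=0
    cert_changed "$1" "$2" || rc=$?
    case $rc in
        0) reload_services && record_digest "$1" "$2" ;;
        1) return 0 ;;
        *) echo "certificate $1 missing or empty" >&2; return 2 ;;
    esac
}

# Cron or systemd-timer entry point: sh cert-reload.sh run
if [ "${1:-}" = "run" ]; then check_and_reload "$CERT" "$STATE"; fi
```

Setting `DRY_RUN=1` prints the services that would be reloaded without touching them, which is useful right after a config-services run has rewritten the TLS paths.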
5 answers to this question