Page MenuHomeDevCentral

Allow to update SMTP server certificates
ClosedPublic

Authored by dereckson on Nov 3 2016, 14:37.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 15, 09:15
Unknown Object (File)
Sun, Dec 15, 09:15
Unknown Object (File)
Sun, Dec 15, 08:43
Unknown Object (File)
Sun, Dec 15, 08:30
Unknown Object (File)
Sun, Dec 15, 05:21
Unknown Object (File)
Mon, Dec 9, 18:03
Unknown Object (File)
Mon, Dec 2, 23:04
Unknown Object (File)
Sat, Nov 30, 23:28
Subscribers
None

Details

Summary

The SMTP server certificate is managed by Let's encrypt.
It's renewed by a timer on Dwellers introduced in cd39c567ec4f.

When renewed, it's only available for nginx, but must also be
deployed to the LXC mailserver container to be accessible by Postfix.

There is a work in progress to automate the process: as Let's encrypt
renew code runs in a Docker container without access to the LXC mail
container, we want to check file hashes to copy and restart when needed.

Meanwhile, this change allows manual certificate propagation.

Test Plan

Tested to solve T1038.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson retitled this revision from to Allow to update SMTP server certificates.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: Sandlayth.
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Nov 3 2016, 17:45
This revision was automatically updated to reflect the committed changes.