HomeDevCentral
Diffusion Nasqueron Operations 4d9fcc57d6fc

Allow to update SMTP server certificates
Concern Raised4d9fcc57d6fc
Actions

Description

Allow to update SMTP server certificates

Summary:
The SMTP server certificate is managed by Let's encrypt.
It's renewed by a timer on Dwellers introduced in cd39c567ec4f.

When renewed, it's only available for nginx, but must also be
deployed to the LXC mailserver container to be accessible by Postfix.

There is a work in progress to automate the process: as Let's encrypt
renew code runs in a Docker container without access to the LXC mail
container, we want to check file hashes to copy and restart when needed.

Meanwhile, this change allows manual certificate propagation.

Test Plan: Tested to solve T1038.

Reviewers: Sandlayth

Differential Revision: https://devcentral.nasqueron.org/D694

Details

Auditors
dereckson
Provenance
derecksonAuthored on Nov 3 2016, 14:32
derecksonPushed on Nov 6 2016, 19:12
Differential Revision
D694: Allow to update SMTP server certificates
Parents
rOPSc356aa59ba95: Allow to update Mumble server certificates
Branches
Unknown
Tags
Unknown
Tasks
T919: Propagate Let's encrypt certificate to mail server

Changes (4)

PathSize
roles/
mailserver/
certificates/
mailserver/
certificates/
mumble/
certificates/

rOPS4d9fcc57d6fc

View Options

roles/mailserver/certificates/files/update-smtp-certificates

Loading...
View Options

roles/mailserver/certificates/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator