
Auto reload of SSL/TLS certificates

Hello,
like most people nowadays, I manage my SSL/TLS certificates using the certbot tool of Let's Encrypt.

Let's Encrypt issues SSL certificates for free but with a very short expiration date (usually 3 months) because they get renewed automatically by the certbot tool.

Most Linux daemons (for example apache, postfix, dovecot, etc.), when instructed to use those certificates, are able to detect that they changed (when renewed) and they get reloaded automatically.

For the time being I find it’s quite a challenge to use Let's Encrypt certificates because we need to do a complex manual procedure to convert them and put them inside the keystore, and since that must be done every three months the procedure is quite annoying.

Also, each time the new certificate is put in place the server must be restarted.

Is it possible to instruct OF to directly load those certificates and monitor the files for changes?

I tried to open an issue on Jira but it seems like I’m unable to.

Also, the link to the forums there is not working because it points to http://www.igniterealtime.org/forum/index.jspa

Thanks

You can check the Certificate Manager plugin, which is designed for such dynamic certificate replacement: https://www.igniterealtime.org/projects/openfire/plugins/1.1.0/certificatemanager/readme.html

Only a few trusted users can create tickets in Jira. Reporting issues in the forums is the preferred way.

Can you tell where exactly you have seen that broken link to the forums?