[feature request] letsencrypt: add post issue/renewal hook possibility

Open snoopotic opened this issue 4 years ago • 1 comments

Requesting a feature to add a possibility to run scripts/code/commands after a letsencrypt issue/renewal has run.

At least pointing to a shell script (file) should be enough.

Background: As acme.sh is run as root by the froxlor cron, all certificates and keys are owned by root and the filemode is 0600. If you manually changed the owner or filemode of the certs, each run of acme.sh resets owner and filemode. This is by design of acme.sh and, for security reasons, the right way.

Adding the requested feature could make it possible to allow further usage of the certificates. Advanced system engineers could copy the/certain files and make necessary recurring changes needed after every renewal/issue.

Use case:

On my hosts I run different daemons. Some are not running as root but also need SSL certificates. Non-root daemons/users cannot access the certificate files stored by acme.sh. Thus I currently manually copy and chown the needed certs after they are renewed. It would be nice for this to happen automatically.

Sadly, acme.sh also does not provide a similar posthook, and even if it did, you currently could not use it in froxlor.

snoopotic avatar Mar 29 '20 21:03 snoopotic
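The copy-and-chown step described in this use case, as an added example (not froxlor or acme.sh code, and not from the original issue): a shell function a post-renewal script could call to hand a renewed key to a non-root daemon's group without it ever being world-readable. The function name, its arguments and the paths in the usage comment are assumptions; how froxlor invokes a hook is not shown on this page.

```shell
#!/bin/sh
# deploy_cert SRC DEST GROUP MODE   (hypothetical helper, added example)
# Copies SRC to DEST with group GROUP and permissions MODE.
# Returns 0 = installed, 1 = error, 2 = DEST already identical.
deploy_cert() {
    dc_src=$1; dc_dest=$2; dc_group=$3; dc_mode=$4

    if [ ! -r "$dc_src" ]; then
        echo "deploy_cert: cannot read $dc_src" >&2
        return 1
    fi

    # Nothing changed since the last run: tell the caller so it can
    # skip reloading the daemon.
    if [ -f "$dc_dest" ] && cmp -s "$dc_src" "$dc_dest"; then
        return 2
    fi

    # mktemp creates the file with mode 0600, so the key is never
    # readable by others while it is being written. Creating it in the
    # destination directory keeps the final mv an atomic rename.
    dc_tmp=$(mktemp "$(dirname "$dc_dest")/.cert.XXXXXX") || return 1

    if cat "$dc_src" > "$dc_tmp" \
        && chgrp "$dc_group" "$dc_tmp" \
        && chmod "$dc_mode" "$dc_tmp" \
        && mv -f "$dc_tmp" "$dc_dest"; then
        return 0
    fi

    rm -f "$dc_tmp"
    return 1
}

# Usage from a post-renewal script run as root (all paths and the group
# name below are placeholders, not froxlor defaults):
#   deploy_cert /path/to/renewed/example.key /etc/mydaemon/tls/key.pem mydaemon 0640
#   case $? in
#     0) echo "key updated, reload the daemon here" ;;
#     2) echo "key unchanged" ;;
#     *) echo "deploy failed" >&2 ;;
#   esac
```

The root-owned original stays at 0600; only the copy is opened up, and only to the one group that needs it.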

I have also thought about that, yes. For mail services, a renewal needs to trigger a restart of the services in order for them to use the updated certificate. Hopefully I will find the time to add such a feature in the near future.

If you want/need to do something with the existing certificates created via froxlor, you can easily access them via a script or anything from froxlor's database, or even the generated files which are used in the webserver vhost configs.

d00p avatar Mar 29 '20 21:03 d00p

Implementation of a renew-hook started with 87409473231f7f928ae36bff02362a7e034b9e4f for future version 2.2

d00p avatar Jan 14 '24 11:01 d00p

will be tracked in #1186

d00p avatar Jan 21 '24 07:01 d00p