Koozali.org: home of the SME Server

Letsencrypt/Dehydrated changes

Offline ReetP

Letsencrypt/Dehydrated changes
« on: January 17, 2020, 04:20:13 PM »
If you have been following along you may have noticed that dehydrated has now gone mainstream with a version now in the EPEL repo.

Currently it is v0.6.5-1

It will make our lives much easier if we switch to using it because we then don't have to maintain our own version.

All pretty easy except two issues.

1. The EPEL version has a new cron.d entry.
I have added a template for this in the new test version of smeserver-letsencrypt 0.5-10 in smetest.
Without adding a new key there is no easy way to switch between the old version and the new version. That in itself isn't a massive problem. I am just going to make it the default with 0.6.5-1 and 0.5-11.

2. The EPEL version has switched the location of the hook script from /usr/bin to /etc/dehydrated and renamed it as well. Their version also has more options which could be used if required. I have already prepared templates for the new version.
The problem here is custom templates where you might deploy a certificate to a specific host.
I have a couple where I scp certs to another host and I think there may be others out there as well.
There is no particularly easy way to migrate these fragments (that I am currently aware of).

I'd like to switch to using their new hook.sh format as it has more options if you require them.

What I am thinking of doing is:

Leave existing hook-script.sh templates in place
Add hookDirectory key
Default hookDirectory to /usr/bin/hook-script.sh
It can be modified to /etc/dehydrated/hook.sh

Of course I'd prefer that to be reversed to make the new location the default.

Let me know if you have any comments or suggestions, as I would like to get us all to use 0.6.5.x as soon as possible.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Letsencrypt/Dehydrated changes
« Reply #1 on: January 18, 2020, 02:39:45 PM »
Cron: no need for a key. Just ask for minimum version of dehydrated in spec file.

Hook: same with spec and keep old template path with a metadata to expand at new place.
Having a property to handle will create more problems than it will solve.