With the reduction of lifetime for SSL certificates I was exploring
automation of certificate update, and also moving to using Let's Encrypt.
I was following the explanation in the link below which is focused on
Apache with Slackware:
https://blog.slackware.nl/using-letsencrypt-to-secure-your-slackware-webserver-with-https/
I usually manage Apache using Monit, so needing to separately restart
Apache to read new SSL certificates was quite messy. However, it looks
like this can be solved using the DEPENDS statement within the apache
service entry, i.e.

    depends on sslcert

With a separate file monitor:

    check file sslcert with path /path/to/fullchain.pem
        if changed modification time then restart

This seems like a really useful way to configure automated SSL
certificate updates without needing to allow an additional script
root-level privileges to restart Apache. Hopefully this looks sensible and
may be of use to others, as SSL lifetimes are being reduced so automation
is crucial.
Best regards,
David
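
Added example, not part of the original message: the two fragments above placed in one Monit control file, plus a check that alerts if renewal stops working. The pidfile, rc script path, hostname and 14-day threshold are assumptions for illustration, and the file test uses the `changed timestamp` spelling.

```monit
# Constructed example. Adjust paths to the local install (assumed values).

# Apache itself. Start/stop stay inside Monit, so the renewal client
# needs no privilege to touch the web server.
check process apache with pidfile /var/run/httpd.pid
    start program = "/etc/rc.d/rc.httpd start"
    stop program  = "/etc/rc.d/rc.httpd stop"
    # Ties Apache to the certificate file check below, as in the post.
    depends on sslcert

# The renewed chain written by the ACME client. A change in the file's
# timestamp triggers the restart action; the dependency on this entry is
# what carries that restart over to the apache service.
check file sslcert with path /path/to/fullchain.pem
    if changed timestamp then restart

# Backstop (goes beyond the post): if renewal silently fails, the file
# never changes and nothing above fires. This tests the certificate that
# is actually being served and alerts while there is still time to act.
check host www-tls with address www.example.com
    if failed
        port 443 protocol https
        and certificate valid > 14 days
    then alert
```

`monit -t` checks the control file syntax before reloading, and the renewal client only needs write access to the certificate directory.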