----------------------------------------
TLS on gopher update
March 14th, 2020
----------------------------------------
jan [0] is working on adding TLS support to his gopher client,
ncgopher [1]. I am running gopher over tls on cosmic.voyage via
port 7070 [2]. I went to check on it this morning and saw it was
giving me a cert error.

I'm using stunnel4 to handle the TLS stuff, and then configuring
a second copy of gophernicus to serve up the goods. The whole
process is outlined in an old phlog here [3].

What I failed to take into account is that letsencrypt updates my
keys routinely, but stunnel doesn't reload them. It's as easy to
fix as:

  $ sudo /etc/init.d/stunnel4 restart

Now I need to think about how to automate that when letsencrypt
does its business. Hmmm... ahha!

  /lib/systemd/system/certbot.service:
  ExecStart=/usr/bin/certbot -q renew \
    --post-hook "/etc/init.d/stunnel4 restart"
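
An added example, not part of the original phlog: the same restart
written as a certbot deploy hook, which restarts stunnel only when
the renewed certificate is one that stunnel actually serves.
RENEWED_LINEAGE is set by certbot; the hook file name, the
/etc/stunnel config directory and the STUNNEL_CONF_DIR and
RESTART_CMD override variables are assumptions.

```sh
#!/bin/sh
# Added example: certbot deploy hook (file name and location are assumptions),
# e.g. /etc/letsencrypt/renewal-hooks/deploy/stunnel-restart
# certbot exports RENEWED_LINEAGE (the renewed live/<name> directory) to it.

STUNNEL_CONF_DIR="${STUNNEL_CONF_DIR:-/etc/stunnel}"        # assumed config dir
RESTART_CMD="${RESTART_CMD:-/etc/init.d/stunnel4 restart}"  # command from the post

# Print the file named by every "cert =" / "key =" option in the stunnel configs.
stunnel_cert_paths() {
    for conf in "$STUNNEL_CONF_DIR"/*.conf; do
        [ -f "$conf" ] || continue
        sed -nE 's/^[[:space:]]*(cert|key)[[:space:]]*=[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\2/p' "$conf"
    done
}

# Succeed if stunnel reads a cert or key from inside the renewed lineage ($1).
uses_lineage() {
    lineage="${1%/}"
    [ -n "$lineage" ] || return 1
    stunnel_cert_paths | (
        while IFS= read -r path; do
            case "$path" in
                "$lineage"/*) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Restart stunnel only when the renewed certificate is one it serves.
restart_if_needed() {
    if uses_lineage "$1"; then
        $RESTART_CMD
    fi
}

# Outside certbot RENEWED_LINEAGE is unset and nothing happens.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    restart_if_needed "$RENEWED_LINEAGE"
fi
```

The hook file has to be executable, and certbot runs it once for
each certificate that was successfully renewed.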