Deploying certificates to Prosody automatically upon Certbot renewal

Certbot, developed by EFF, is a popular and easy-to-use ACME client to request and deploy SSL/TLS certificates from Let's Encrypt.

On Ubuntu 16.04 and later systems, a systemd timer, instead of a cron job, is used to schedule automatic renewal of certificates.

Starting from version 0.10, Prosody has the ability to import certificates from the local letsencrypt certificate store. To deploy the certificate to Prosody automatically upon renewal, edit the systemd unit file /lib/systemd/system/certbot.service to append a --deploy-hook to the certbot renewal command:

ExecStart=/usr/bin/certbot -q renew --deploy-hook "prosodyctl --root cert import /etc/letsencrypt/live"

and then reload the systemd daemon:

# systemctl daemon-reload
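
The same ExecStart line can also be installed as a systemd drop-in under /etc/systemd/system, so that a package upgrade that replaces /lib/systemd/system/certbot.service does not drop the hook. The script below is an added example, not part of the original post; the function name write_certbot_dropin and the file name prosody-deploy-hook.conf are choices made for this example.

```shell
#!/bin/sh
# Added example: install the deploy hook as a systemd drop-in rather than
# editing the packaged unit under /lib/systemd/system.
# Function name and drop-in file name are choices made for this example.

# write_certbot_dropin DIR
#   DIR is the systemd unit directory (normally /etc/systemd/system).
#   Prints the path of the drop-in file it wrote.
write_certbot_dropin() {
    unit_dir=${1:?usage: write_certbot_dropin DIR}
    dropin_dir="$unit_dir/certbot.service.d"
    dropin="$dropin_dir/prosody-deploy-hook.conf"

    mkdir -p "$dropin_dir" || return 1

    # The empty "ExecStart=" clears the packaged command first. A drop-in
    # that only added a second ExecStart= would not replace the original.
    cat > "$dropin" <<'EOF' || return 1
[Service]
ExecStart=
ExecStart=/usr/bin/certbot -q renew --deploy-hook "prosodyctl --root cert import /etc/letsencrypt/live"
EOF

    # The hook command runs as root, so keep the file non-writable by others.
    chmod 0644 "$dropin" || return 1
    printf '%s\n' "$dropin"
}

# Only touch the live system when asked to: sh this-script.sh --install
if [ "${1:-}" = "--install" ]; then
    write_certbot_dropin /etc/systemd/system &&
        systemctl daemon-reload &&
        systemctl cat certbot.service   # prints the packaged unit plus the drop-in
fi
```

Run it as root with --install; without that argument it only defines the function and changes nothing.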
