Re: [exim] tls_certificate weirdness

Author: Jon Gerdes
Date:  
To: exim-users@exim.org
Subject: Re: [exim] tls_certificate weirdness
On Mon, 2016-08-22 at 12:03 +0100, Mike Brudenell wrote:
> Hi, Phil -
>

----------8<------------
> I'm not familiar with Centos but remember going crackers once on some
> flavour of Linux with trying to access a file that looked as though it
> should be accessible but I was being denied. Turned out to be some sort of
> security in Linux and I needed to add the path to a file somewhere. I
> can't remember what the security system was called so can't search for it
> for you.


SELinux on Centos or AppArmor on Ubuntu.  Both can provide interesting
challenges for the unwary 8)

I went for a bit of a bodge on my LE test system, crontab contains this
beauty:

## Lets Encrypt ACME.SH - https://github.com/Neilpang/
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null && cat /etc/le/server.crt /etc/le/ca.crt > /etc/le/chained.crt && /sbin/reload dovecot && /usr/bin/service exim4 reload

I also have Icinga watching the certificate expiry date and making
connectivity tests to both Exim and Dovecot.  The standard monitoring
plugins do this out of the box, e.g.:

/usr/lib64/nagios/plugins/check_smtp -H $HOSTADDRESS$ --timeout=$ARG1$ --port=$ARG2$ --starttls --certificate=$ARG3$


Cheers
Jon
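
The cron line in the message above redirects cat straight into /etc/le/chained.crt, so that file is truncated before the inputs are read. The shell function below is an added example, not part of the original post: it assembles the chain in a temporary file and renames it into place only when both inputs are present and the result holds at least two complete PEM blocks. The function name build_chain and the 644 mode are assumptions.

```shell
# Added example, not from the original message.
# build_chain LEAF CA OUT
# Writes LEAF followed by CA to OUT via a temp file and a rename, so a
# process reading OUT never sees a truncated or half-written chain.
build_chain() {
    leaf=$1 ca=$2 out=$3
    # Both inputs must exist and be non-empty before OUT is touched.
    for f in "$leaf" "$ca"; do
        [ -s "$f" ] || { echo "build_chain: missing or empty: $f" >&2; return 1; }
    done
    # Temp file beside OUT so that mv is a rename on the same filesystem.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if ! cat "$leaf" "$ca" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Sanity check: at least two certificates, every BEGIN matched by an END.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$tmp" || true)
    if [ "$begins" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
        echo "build_chain: expected >=2 complete PEM blocks, got $begins/$ends" >&2
        rm -f "$tmp"; return 1
    fi
    # Assumption: the chain holds only public certificates; mktemp creates
    # the file 0600, which an unprivileged daemon could not read.
    chmod 644 "$tmp"
    mv -f "$tmp" "$out"
}

# In the cron job this would replace the "cat ... > /etc/le/chained.crt" step:
#   build_chain /etc/le/server.crt /etc/le/ca.crt /etc/le/chained.crt && <reload services>
```

If build_chain returns non-zero, the previous chained.crt is left untouched and the reload commands after && do not run.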