----------------------------------------
TLS on gopher update
March 14th, 2020
----------------------------------------

jan [0] is working on adding TLS support to his gopher client,
ncgopher [1]. I am running gopher over tls on cosmic.voyage via
port 7070 [2]. I went to check on it this morning and saw it was
giving me a cert error.

I'm using stunnel4 to handle the TLS stuff, and then configuring
a second copy of gophernicus to serve up the goods. The whole
process is outlined in an old phlog here [3].

What I failed to take into account is that letsencrypt updates my
keys routinely, but stunnel doesn't reload them. It's as easy to
fix as:

    $ sudo /etc/init.d/stunnel4 restart

Now I need to think about how to automate that when letsencrypt
does its business. Hmmm... ahha!

/lib/systemd/system/certbot.service:

    ExecStart=/usr/bin/certbot -q renew \
        --post-hook "/etc/init.d/stunnel4 restart"

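Added example (not part of the original post, and not code from
certbot or stunnel): the same restart written as a certbot deploy
hook, which runs only for certificates that were actually renewed
and is not overwritten when a package update replaces files under
/lib/systemd/system. It assumes stunnel's config lives at
/etc/stunnel/stunnel.conf and points at files under
/etc/letsencrypt/live/<name>/; the script file name is hypothetical.

```shell
#!/bin/sh
# Added example: certbot deploy hook, saved for instance as
# /etc/letsencrypt/renewal-hooks/deploy/stunnel-restart (file name assumed).
# certbot runs deploy hooks once per certificate it actually renewed and
# sets RENEWED_LINEAGE to that certificate's live directory.

STUNNEL_CONF="${STUNNEL_CONF:-/etc/stunnel/stunnel.conf}"    # assumed path
RESTART_CMD="${RESTART_CMD:-/etc/init.d/stunnel4 restart}"   # from the post

# Print the file named by every active "cert =" or "key =" option.
# Lines commented out with ";" or "#" do not match.
stunnel_cert_paths() {
    sed -n -E \
      's/^[[:space:]]*(cert|key)[[:space:]]*=[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\2/p' \
      "$1"
}

# Exit status 0 if the config serves a file from the given lineage directory.
stunnel_uses_lineage() {
    lineage=${2%/}
    paths=$(stunnel_cert_paths "$1")
    while IFS= read -r path; do
        case $path in "$lineage"/*) return 0 ;; esac
    done <<EOF
$paths
EOF
    return 1
}

deploy_hook() {
    if [ ! -r "$STUNNEL_CONF" ]; then
        echo "cannot read $STUNNEL_CONF" >&2
        return 1
    fi
    if stunnel_uses_lineage "$STUNNEL_CONF" "$RENEWED_LINEAGE"; then
        echo "stunnel serves $RENEWED_LINEAGE, restarting"
        $RESTART_CMD    # unquoted on purpose: command plus its arguments
    else
        echo "stunnel does not use $RENEWED_LINEAGE, leaving it alone"
    fi
}

# Only act when certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_hook
fi
```

The hook file has to be executable for certbot to run it, and a
stunnel.conf that serves a copy of the certificate from outside the
live directory will not match the lineage check.
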
[0] jan
[1] ncgopher user guide
[2] cosmic on tls
[3] gophernicus TLS howto