Gramps 5.2.0
Gramps Web API 2.0.0
Gramps Web Frontend 24.2.1
locale: en
multi-tree: false
task queue: true
Hello, strangers. Well, I guess I am the stranger, after all this time away.
No real problems, just seeking pointers, or solution, to how I can get the acme-companion to notify me when a cert has been renewed, either by email, or in a way I can use to automate (?) copying the new certs to the reverse proxy (Apache) I have set up.
Currenlty, I do that manually when I notice the connection to Gramps Web no long works.
Did not see any means to ask the âacme peopleâ directly.
if you entered your correct e-mail, you will automatically get an e-mail from Letâs Encrypt (the certificate authority), this has nothing to do with acme-companian (or Gramps Web).
Sorry, I realized that didnât answer your question - you donât get the notification because acme-companion renews it for you, but then you need a manual step.
Thanks. I do not seem to be getting an email. Iâll look into that.
These days even marking my calendar is problematic.
I suppose it is feasible to periodically check the file dates on the certs in the docker container and compare them to those in the reverse proxy and copy them when necessary. Or, perhaps just copy them daily or on some other reasonable schedule.
Perhaps even raise a âbugâ or âenhancement requestâ with the acme-companion folks. I had though it already in there, but had missed it.
Edit: Probably not getting the email as the certs get renewed before the 6 day mark so never trigger the bot.
Not having to do anything manually is precisely the point of the acme-companion + nginx-proxy example in the docs. If you want to use something else, yes itâs best to ask in the upstream projects.
@DavidMStraub Is there a way that Gramps Web could do a daily selfâtest and eMail the admin(s)? To see if it is giving a certificate expired response instead of content.
And perhaps generate an eMail with a simple object count statistic report on the Tree(s). (If the Admin doesnât get an eMail or the counts are Zeros, there is a server problem to resolve.)
Likely I have terminology confused. What I am calling a reverse proxy is on hardware, running Apache, distinct from the hardware running the docker setups for grampsweb. Each hardware has itâs own IP of course.
I have only one internet facing static IP these days and must âshareâ it with several web apps. That is I can only forward web stuff, via firewall/router, to a single local IP.
Initially it seemed the only way to âmake it workâ was to have the certs files reside (duplicated to) the Apache virtual host so it would âmake niceâ with the docker setup. Works well enough until the certs renew and need to be duplicated on the Apache setup. If there is a way to share containers across hardware platforms, I am not aware of it.
I must confess to âinfirmity of yearsâ slowing my grasp of things. Just a fact.
No. Gramps Web doesnât know anything about certificates, it sits at a lower level. The issue we are discussing here has nothing to do with Gramps Web, but with exposing any kind of service to the internet via HTTPS.
No need to look into it, because I just got an email from Letâs Encrypt informing me of this change:
acme-companion has a pre- and post-hook on certificate renewal which may help you achieve what you want. There are some restrictions on what you can do, but itâs a place to start. Let us know how you make out.