* [pve-devel] [PATCH docs] fix #5665: add note about short-lived cert renewal
@ 2024-09-09 12:39 Fabian Grünbichler
2024-11-08 10:36 ` [pve-devel] applied: " Fiona Ebner
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2024-09-09 12:39 UTC (permalink / raw)
To: pve-devel
not that obvious behaviour on the systemd side, and missing cert renewal can
have wide-reaching consequences.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
certificate-management.adoc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/certificate-management.adoc b/certificate-management.adoc
index 71c6d71..3bb9bb9 100644
--- a/certificate-management.adoc
+++ b/certificate-management.adoc
@@ -223,6 +223,9 @@ If a node has been successfully configured with an ACME-provided certificate
renewed by the `pve-daily-update.service`. Currently, renewal will be attempted
if the certificate has expired already, or will expire in the next 30 days.
+NOTE: If you are using a custom directory that issues short-lived certificates,
+disabling the random delay for the `pve-daily-update.timer` unit might be
+advisable to avoid missing a certificate renewal after a reboot.
ACME Examples with `pvenode`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH docs] fix #5665: add note about short-lived cert renewal
2024-09-09 12:39 [pve-devel] [PATCH docs] fix #5665: add note about short-lived cert renewal Fabian Grünbichler
@ 2024-11-08 10:36 ` Fiona Ebner
0 siblings, 0 replies; 2+ messages in thread
From: Fiona Ebner @ 2024-11-08 10:36 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Grünbichler
Am 09.09.24 um 14:39 schrieb Fabian Grünbichler:
> not that obvious behaviour on the systemd side, and missing cert renewal can
> have wide-reaching consequences.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> certificate-management.adoc | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/certificate-management.adoc b/certificate-management.adoc
> index 71c6d71..3bb9bb9 100644
> --- a/certificate-management.adoc
> +++ b/certificate-management.adoc
> @@ -223,6 +223,9 @@ If a node has been successfully configured with an ACME-provided certificate
> renewed by the `pve-daily-update.service`. Currently, renewal will be attempted
> if the certificate has expired already, or will expire in the next 30 days.
>
> +NOTE: If you are using a custom directory that issues short-lived certificates,
> +disabling the random delay for the `pve-daily-update.timer` unit might be
> +advisable to avoid missing a certificate renewal after a reboot.
>
> ACME Examples with `pvenode`
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
applied, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-11-08 10:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-09 12:39 [pve-devel] [PATCH docs] fix #5665: add note about short-lived cert renewal Fabian Grünbichler
2024-11-08 10:36 ` [pve-devel] applied: " Fiona Ebner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal