Olivier wrote:
Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca writes:
As the subject says, I'm contemplating the use of LetsEncrypt TLS certificates. Is there a way to make slapd aware of a cert renewal (they happen every 90 days) without restarting it, i.e., with minimal service interruption?
I *do* restart slapd after I installed the new Let's Encrypt certificate.
Use ldapmodify to set the new cert in cn=config. No restarts needed.
I doubt there is any other way to make the LDAP server aware of the certificate change. And this is a 20-second interruption, nothing worth mentioning (or you are a big organization, then you have redundant LDAP servers and you would upgrade one at a time so it should be transparent to your users).
Best regards,
Olivier
thanks, jf
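
The ldapmodify approach suggested in the thread, sketched as an added example (not code from any of the posters). The function names, the certbot-style paths in the usage comment, and the `ldapi:///` endpoint with SASL EXTERNAL are assumptions; it also checks that the renewed certificate matches the private key before handing the paths to slapd.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the
# ldapi:/// endpoint are assumptions; adjust them to the local setup.

# Print one LDIF modify record that replaces certificate and key together,
# so slapd is never asked to pair a new certificate with the old key.
build_tls_ldif() {
    for p in "$1" "$2"; do
        case $p in
            *'
'*) echo "path contains a newline" >&2; return 1 ;;
            /*) ;;   # absolute path, safe as a plain LDIF value
            *) echo "path must be absolute: $p" >&2; return 1 ;;
        esac
    done
    printf '%s\n' \
        'dn: cn=config' \
        'changetype: modify' \
        'replace: olcTLSCertificateFile' \
        "olcTLSCertificateFile: $1" \
        '-' \
        'replace: olcTLSCertificateKeyFile' \
        "olcTLSCertificateKeyFile: $2"
}

# Verify the renewed pair, then push it to the running slapd.
apply_tls_reload() {
    cert=$1 key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "certificate or key not readable" >&2; return 1
    fi
    # Compare public keys so a mismatched pair is never sent to slapd.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match private key" >&2; return 1
    fi
    build_tls_ldif "$cert" "$key" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Usage, e.g. from the ACME client's post-renewal hook (constructed paths):
#   apply_tls_reload /etc/letsencrypt/live/ldap.example.org/cert.pem \
#                    /etc/letsencrypt/live/ldap.example.org/privkey.pem
```

The account slapd runs as must be able to read both files, which is not the default for a private key written by an ACME client running as root.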