Solved Share Letsencrypt cert between Jails

I've got separate jails for mail and http(s) reverse proxy.

The reverse proxy is currently handling letsencrypt to provide webmail with a valid certificate. Naturally I would like to use letsencrypt for smtp and imap too.

Letsencrypt uses a hardcoded URL (http://$host/.well-known/acme-challenge) to authenticate certificate requests. Since the reverse proxy needs to provide that URL, the mail-jail cannot provide it too.

Certificates need to be renewed periodically, as such http, smtp and imap services need to be reloaded at the correct time, across jails.

Does anyone have a good solution to share letsencrypt between jails securely?
 
I used mount_nullfs to link the certificate directory from proxy-jail to mail-jail and added a crontab entry on mail-jail to reload mail services after letsencrypt runs on proxy-jail.
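As an added illustration of the nullfs-plus-cron approach described above (example code, not from the thread), here is a small POSIX sh script for the mail jail that reloads the mail services only when the shared certificate actually changed, so a cron slot that fires every night is harmless on the nights no renewal happened. The jail paths, the `mail.example.org` name and the `postfix`/`dovecot` service names are assumptions.

```shell
#!/bin/sh
# cert-reload.sh: run from the mail jail's crontab a little after the proxy
# jail's renewal job, e.g.   15 4 * * * /usr/local/sbin/cert-reload.sh run
# The proxy jail's letsencrypt directory is nullfs-mounted read-only into the
# mail jail via a line like this in the mail jail's mount.fstab (paths assumed):
#   /jails/proxy/usr/local/etc/letsencrypt /jails/mail/usr/local/etc/letsencrypt nullfs ro 0 0
set -eu

CERT_DIR="${CERT_DIR:-/usr/local/etc/letsencrypt/live/mail.example.org}"
STATE_FILE="${STATE_FILE:-/var/db/cert-reload.state}"

# Fingerprint of cert + key (cksum is POSIX; fields 1-2 are CRC and size).
cert_fingerprint() {
    cat "$1/fullchain.pem" "$1/privkey.pem" | cksum | cut -d' ' -f1,2
}

# Exit 0 (and record the new fingerprint) when the files changed since the
# last run, 1 when unchanged. A missing state file counts as changed so the
# very first run performs a reload.
cert_changed() {
    dir=$1; state=$2
    new=$(cert_fingerprint "$dir")
    old=""
    if [ -r "$state" ]; then old=$(cat "$state"); fi
    if [ "$new" = "$old" ]; then return 1; fi
    printf '%s\n' "$new" > "$state"
    return 0
}

# Reload only services that are enabled in rc.conf; a reload keeps existing
# connections alive, unlike a restart.
reload_mail_services() {
    for svc in postfix dovecot; do
        if service "$svc" enabled >/dev/null 2>&1; then
            service "$svc" reload
        fi
    done
}

main() {
    if cert_changed "$CERT_DIR" "$STATE_FILE"; then
        reload_mail_services
    fi
}

# Only act when invoked with "run", so the functions can be sourced for testing.
if [ "${1:-}" = run ]; then main; fi
```

Because the mount is read-only, a compromise of the mail jail cannot tamper with the proxy jail's keys, and the state file lives in the mail jail's own /var/db.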
 