I've got separate jails for mail and http(s) reverse proxy.
The reverse proxy is currently handling letsencrypt to provide webmail with a valid certificate. Naturally I would like to use letsencrypt for smtp and imap too.
Letsencrypt uses a hardcoded url (http://$host/.well-known/acme-challenge) to authenticate certificate requests. Since the reverse proxy needs to provide that url, the mail-jail cannot provide it too.
Certificates need to be renewed periodically; as such, the http, smtp and imap services need to be reloaded at the correct time, across jails.
Does anyone have a good solution to share letsencrypt between jails securely?