support for symbolic links for SSL filenames specification parameter

segmentlime
Posts: 25
Joined: Wed Apr 22, 2020 4:39 pm

Post by segmentlime »

Hello Kent,

Background:

For SSL I use certificates from https://letsencrypt.org/ and I renew those certificates using software called certbot from https://certbot.eff.org/.

I have fully automated the renewals process for my own webservers but have run into a small wrinkle with renewals using Poker Mavens.

The certbot employs two directories of interest in the matter. One is the "archive" directory and one is the "live". The archive directory holds the current certificates as well as the previous (expired) versions. The naming convention for the archive directory uses an incremental filename method, whereby for example at the time of renewal the new certbot\archive\privkey5.pem is created as the replacement for the expired certbot\archive\privkey4.pem. The live directory contains a symbolic link type filename whereby the files in the live directory are updated during renewal to point to the current (latest) file in the archive. So, in this example during the renewal process the file named certbot\live\privkey.pem will be changed from a symbolic link to certbot\archive\privkey4.pem to a symbolic link to certbot\archive\privkey5.pem. This mechanism is part of the certbot implementation of renewals. For my further automation, I have to work with that.

What I would like to be able to do is just set the 3 SSL filename parameters permanently in PM7 such that they point to the (symbolic link) filenames in the live directory, and then following a renewal, just bounce the PM7 service.

This does not seem to work.

When I specify the fully qualified filenames specifically as the live directory filenames when configuring the files in the PM7 service window, then the service seems to fail to follow the symbolic link to the file in the archive directory when started.

I notice that if I use the "browse" button when setting these parameters in the service interface window and use the windows file dialog box to select the file in the live directory, then when this dialog returns the parameter value is changed in the service configuration parameter to be that of the current file in the archive directory (with the hardcoded increment). When set like this the PM7 service starts properly and SSL works fine.

I could of course make my post-certbot renewal automation code copy the certificates to some directory with static filenames that PM uses, but I am not that keen on having multiple copies of the private key certificate files on my servers.

Request:

Any way you would please make it so that the service can resolve the symbolic links at startup?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: support for symbolic links for SSL filenames specification parameter

Post by Kent Briggs »

segmentlime wrote: Thu Aug 25, 2022 5:36 pm
What I would like to be able to do is just set the 3 SSL filename parameters permanently in PM7 such that they point to the (symbolic link) filenames in the live directory, and then following a renewal, just bounce the PM7 service.

This does not seem to work.

How are you creating your symbolic links? Are you using mklink? I don't have much experience with symlinks but I'm wondering if it's a scope issue such that you are creating them in the Windows Administrator account whereas the poker service is running under the Windows System account and doesn't recognize your links?
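
The archive/live layout from the first post, and the link resolution the Browse dialog appears to perform, as an added example (not code from Poker Mavens, certbot or either poster): a post-renewal helper can resolve each live link to its current archive file, so no second copy of the private key is needed, and refuse dangling links or targets outside the archive directory. The function names and the temporary directory layout are assumptions, and the sample files are constructed placeholders.

```python
import os
import tempfile
from pathlib import Path


def resolve_live_certs(live_dir, archive_dir):
    """Map each symlink in live_dir to the real file it points at in archive_dir.

    Raises ValueError for a dangling link or one that resolves outside archive_dir.
    """
    archive = Path(archive_dir).resolve()
    resolved = {}
    for entry in sorted(Path(live_dir).iterdir()):
        if not entry.is_symlink():
            continue  # plain files in the live directory are not links to resolve
        target = entry.resolve()  # follows the whole link chain
        if not target.is_file():
            raise ValueError(f"{entry.name}: dangling link -> {os.readlink(entry)}")
        if archive not in target.parents:
            raise ValueError(f"{entry.name}: target outside archive: {target}")
        resolved[entry.name] = target
    return resolved


def demo():
    """Constructed layout: renew privkey4 -> privkey5 and resolve before and after."""
    root = Path(tempfile.mkdtemp())
    archive, live = root / "archive", root / "live"
    archive.mkdir()
    live.mkdir()
    (archive / "privkey4.pem").write_text("constructed placeholder, not a key\n")
    link = live / "privkey.pem"
    link.symlink_to(archive / "privkey4.pem")
    before = resolve_live_certs(live, archive)["privkey.pem"].name

    # Renewal: a new numbered file appears and the live link is repointed to it.
    (archive / "privkey5.pem").write_text("constructed placeholder, not a key\n")
    link.unlink()
    link.symlink_to(archive / "privkey5.pem")
    after = resolve_live_certs(live, archive)["privkey.pem"].name
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running the resolver under the same account as the service shows whether that account can see and follow the links at all, which is the scope question raised in the reply.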