From: Christine Lemmer-Webber
Date: Tue, 28 Sep 2021 13:01:31 -0400
Subject: bug#50872: Prosody service + letsencrypt certs improvements
To: 50872@debbugs.gnu.org
Message-ID: <87h7e4tyb3.fsf@dustycloud.org>

I finally got prosody working on my server using Guix.
However, the manual says:

     Prosodyctl will also help you to import certificates from the
     ‘letsencrypt’ directory so that the ‘prosody’ user can access them.
     See .

          prosodyctl --root cert import /etc/letsencrypt/live

However, what prosody actually does with this command is that it copies
the files from letsencrypt *over to* its own directory (but then also
restarts prosody... in theory).

According to the docs:

     This command can be put in cron or passed as a callback to automated
     certificate renewal programs such as certbot or other Let's Encrypt
     clients. For more information on using Prosody with these, see our
     Let's Encrypt page.

Hm, in other words we really ought to run this attached to some hook
related to the letsencrypt services... when they renew successfully, it
should trigger this command, I'd think. We do similar things for nginx,
etc...

Thoughts? Does this seem right?

 - Christine
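
The renewal hook proposed in this report could look like the following certbot deploy hook. It is an added example, not part of the original message and not Guix's or Prosody's own code. The `PROSODYCTL`, `LE_LIVE` and `PROSODY_CERTS` variables and the `<certs dir>/<lineage name>.crt` layout used for the staleness check are assumptions; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook that re-imports renewed certificates
# into Prosody, so its private copy does not go stale after a renewal.
PROSODYCTL="${PROSODYCTL:-prosodyctl}"       # assumption: prosodyctl is on PATH
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"  # directory from the manual excerpt
PROSODY_CERTS="${PROSODY_CERTS:-}"           # assumption: optional, Prosody's cert dir

prosody_deploy_hook() {
    # Only act on a lineage that lives under the directory we import from.
    case "${RENEWED_LINEAGE:-}" in
        "$LE_LIVE"/?*) ;;
        *) echo "prosody hook: unexpected lineage '${RENEWED_LINEAGE:-}'" >&2
           return 3 ;;
    esac
    for f in fullchain.pem privkey.pem; do
        if [ ! -r "$RENEWED_LINEAGE/$f" ]; then
            echo "prosody hook: cannot read $RENEWED_LINEAGE/$f" >&2
            return 4
        fi
    done
    # Command quoted from the manual: copies the certs into Prosody's own dir.
    if ! "$PROSODYCTL" --root cert import "$LE_LIVE"; then
        echo "prosody hook: import failed, Prosody still holds the old copy" >&2
        return 5
    fi
    # Optional check that the copy matches the renewed certificate
    # (assumed layout: <PROSODY_CERTS>/<lineage name>.crt).
    if [ -n "$PROSODY_CERTS" ]; then
        name=$(basename "$RENEWED_LINEAGE")
        if ! cmp -s "$RENEWED_LINEAGE/fullchain.pem" "$PROSODY_CERTS/$name.crt"; then
            echo "prosody hook: $PROSODY_CERTS/$name.crt is stale" >&2
            return 6
        fi
    fi
    return 0
}

# Run only when certbot invoked us (it exports RENEWED_LINEAGE).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    prosody_deploy_hook
    exit $?
fi
```

A non-zero exit makes a failed import visible in certbot's output rather than leaving Prosody serving the old certificate until it expires.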