Renew consul certificates

2025-03-14 20:01:35 +01:00
parent f7afbe6973
commit 428a1756f3
4 changed files with 9 additions and 2 deletions
--- a/README.org
+++ b/README.org
@@ -1,6 +1,6 @@
 * NixOS
 ** [[file:docs/install.org][Installing]]
-** Rebuilding
+*** Rebuilding
 #+BEGIN_SRC bash
 sudo nixos-rebuild switch --impure --flake ".#${HOST}"
 #+END_SRC
--- a/docs/consul.org
+++ b/docs/consul.org
@@ -1,6 +1,6 @@
 #+title: Consul
 * Server setup
-** Create a server keypair
+** Create a server keypair <<create_keypair>>
 Decrypt the CA (from the agenix secrets)
 #+begin_src bash
 agenix -i ~/.ssh/id_reykjavik -d consul.d/consul-agent-ca.pem.age > ~/tmp/consul-agent-ca.pem
@@ -78,3 +78,10 @@ JSON config:
  }
 }
 #+end_src
+* Renew expired certificates
+** Find the expired certificate
+#+begin_src
+openssl x509 -in /etc/consul.d/certs/samfelag-server-consul.pem -enddate -noout
+#+end_src
+
+Follow the steps described in [[create_keypair][Create a server keypair]].
--- a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age
+++ b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age
--- a/secrets/consul.d/samfelag-server-thingvellir.pem.age
+++ b/secrets/consul.d/samfelag-server-thingvellir.pem.age