#1346 TLS certificates not updated on config+modules reload

Reporter ge0rg
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Status-NeedInfo
  • Type-Defect
  • Priority-Medium
  1. ge0rg on

    I'm running a prosody setup with net_multiplex (among others) and certificates by LetsEncrypt. After refreshing the certificate files, I run the following:

        nc localhost 5582 <<EOF
        config:reload()
        module:reload("tls")
        module:reload("http")
        module:reload "net_multiplex"
        exit
        EOF

    However, after that, the old certificates are still served from the server. Only after re-issuing the reload command twice (IIRC only reloading mod_tls is sufficient, but it's been a while), the new certificate will be served.

  2. Zash on

    Thanks for the report. What version of Prosody did you have?

    Changes
    • tags Status-NeedInfo
  3. ge0rg on

    This was happening with 0.10 nightlies typically some months old. Haven't had a LE rollover yet on 0.11, will try to think of commenting here when it happens.

  4. ge0rg on

    Running Prosody version 0.11 nightly build 39 (2019-03-22, 68faa0c1a99c) on Linux with certificates on different host:port combos.

    • After config:reload() - no cert updates
    • After second config:reload() - certificate on XMPP endpoints (c2s, s2s) is updated
    • module:reload("tls") - no changes after first or second call
    • module:reload("http") - certificate on :5281 updated
    • Second module:reload("http") - no further changes
    • module:reload("net_multiplex") - certificates on all :443 endpoints updated

    Now all certs are updated!
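
A way to confirm which listeners still present the old certificate after a reload, as an added example that is not part of the original thread or of Prosody: it compares the SHA-256 fingerprint of the leaf certificate on disk with the one served on direct-TLS ports such as the :5281 and :443 endpoints mentioned above. The function names, the PEM path and the host name are assumptions; the c2s/s2s ports negotiate TLS via STARTTLS and are not covered by this check.

```python
import hashlib
import socket
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def pem_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate, i.e. the leaf, in a PEM bundle."""
    start = pem_text.index(BEGIN)
    end = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port, sni, timeout=5):
    """SHA-256 (hex) of the leaf certificate a direct-TLS listener presents."""
    ctx = ssl.create_default_context()
    # Chain validation is switched off on purpose: the check is an exact
    # fingerprint comparison, and an expired old cert must still be readable.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def stale_endpoints(expected_fp, endpoints, fetch=served_fingerprint):
    """Return (host, port, observed) for every endpoint not serving expected_fp."""
    stale = []
    for host, port, sni in endpoints:
        try:
            observed = fetch(host, port, sni)
        except OSError as exc:  # covers ssl.SSLError, timeouts, refused connections
            observed = "error: %s" % exc
        if observed != expected_fp:
            stale.append((host, port, observed))
    return stale

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (assumed invocation): python check_cert.py /path/to/fullchain.pem example.org
    pem_path, name = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        expected = pem_fingerprint(fh.read())
    # Direct-TLS ports taken from the report: HTTPS on 5281, net_multiplex on 443.
    bad = stale_endpoints(expected, [("localhost", 5281, name), ("localhost", 443, name)])
    for host, port, observed in bad:
        print("STALE %s:%d serves %s" % (host, port, observed))
    sys.exit(1 if bad else 0)
```

Run it after each reload step; a non-zero exit status means at least one listener has not picked up the renewed certificate.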
