#1346 TLS certificates not updated on config+modules reload
I'm running a Prosody setup with net_multiplex (among others) and certificates by LetsEncrypt.
After refreshing the certificate files, I run the following:
nc localhost 5582 <<EOF
However, after that, the old certificates are still served from the server. Only after re-issuing the reload command twice (IIRC only reloading mod_tls is sufficient, but it's been a while), the new certificate will be served.
Thanks for the report.
What version of Prosody did you have?
This was happening with 0.10 nightlies typically some months old. Haven't had a LE rollover yet on 0.11, will try to think of commenting here when it happens.
Running Prosody version 0.11 nightly build 39 (2019-03-22, 68faa0c1a99c) on Linux with certificates on different host:port combos.
After config:reload() - no cert updates
After second config:reload() - certificate on XMPP endpoints (c2s, s2s) is updated
module:reload("tls") - no changes after first or second call
module:reload("http") - certificate on :5281 updated
Second module:reload("http") - no further changes
module:reload("net_multiplex") - certificates on all :443 endpoints updated
Now all certs are updated!
This is happening on our instance running in Docker. We manage certs in a mounted volume. I can confirm the updated/correct certificate is loaded at /etc/prosody/certs/<domain>.crt. We send SIGHUP to the process and get the following logs:
mod_posix info Received SIGHUP
startup info Reloading configuration file
<domain>.com:tls info Certificates reloaded
But then, when loading the HTTPS endpoint on 5281, the certificate is not updated. What else do we need to do?
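
A way to check, after a reload, which listeners still present the old certificate by comparing each one's served certificate with the renewed file on disk. This is an added example, not part of the thread and not Prosody code. It covers only direct-TLS listeners such as :5281 and :443 (not the STARTTLS c2s/s2s ports), and the function names and the "example.com" SNI value are assumptions.

```python
import hashlib
import socket
import ssl

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def disk_fingerprint(pem: str) -> str:
    """SHA-256 of the first (leaf) certificate in a PEM file's text."""
    leaf = pem[pem.index(BEGIN): pem.index(END) + len(END)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()

def fetch_served(port: int, host: str = "localhost", sni: str = "example.com") -> bytes:
    """DER certificate presented by a direct-TLS listener (no STARTTLS)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # comparing bytes, not validating trust
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)

def check_listeners(disk_pem: str, ports, fetch=fetch_served) -> dict:
    """Map each port to 'current', 'stale' or 'unreachable'."""
    want = disk_fingerprint(disk_pem)
    result = {}
    for port in ports:
        try:
            got = hashlib.sha256(fetch(port)).hexdigest()
        except OSError:              # refused, timeout, TLS failure
            result[port] = "unreachable"
            continue
        result[port] = "current" if got == want else "stale"
    return result

if __name__ == "__main__":
    # Constructed stand-ins for certificate bytes so the demo runs offline.
    old, new = b"constructed-old-cert", b"constructed-new-cert"
    renewed_file = (ssl.DER_cert_to_PEM_cert(new)
                    + ssl.DER_cert_to_PEM_cert(b"constructed-chain"))
    served = {5281: old, 443: new}   # 5281 still serves the pre-renewal cert
    print(check_listeners(renewed_file, [5281, 443], served.__getitem__))
    # Live use: check_listeners(open(path_to_crt).read(), [5281, 443])
```

Running this after every renewal and reload, and alerting on any "stale" result, catches a listener that kept its old TLS context before the old certificate expires.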