#701 prosody reload (using init script) is not enough to reload ssl/tls certificate change

Reporter Pirate Praveen
Owner Zash
Stars ★★ (2)
  • Priority-Medium
  • Status-Fixed
  • Milestone-0.10
  • Type-Defect
  1. Pirate Praveen on

    What steps will reproduce the problem? 1. Update ssl certificate (letsencrypt renew) 2. /etc/init.d/prosody reload 3. try to load an image shared via http_upload module What is the expected output? What do you see instead? New ssl/tls certificate should be active but I still see certificate expired error. What version of the product are you using? On what operating system? prosody-0.10 1nightly264-1~trusty on Hamara 1.0.3 (Ubuntu trusty derivative) Please provide any additional information below. I have to restart prosody to see the change reflected.

  2. apollo13 on

    Can you try the following: enable the reload_modules module and add reload_modules = { "tls" } to your config. this should reload the cert.

  3. Pirate Praveen on

    Thanks. But I think this should be default. Its default behaviour for nginx. Also with letsencrypt certificates expiring every 3 months, many people would want this feature.

  4. Zash on

    mod_tls can now reload itself: https://hg.prosody.im/0.10/rev/c8e3a0caa0a9

    • owner Zash
    • tags Milestone-0.10
  5. Zash on

    • tags Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.