Good day,
is there a way to automate updating certificate/key files without service interruption and manual actions in the admin interface (refresh button)?
I'm using a letsencrypt bot with a post script that copies files to all my front-facing services, FTP server included. For nginx I use 'nginx -s reload', for example. I see that replacing the cert files and restarting the server does the job (new certs are used), but that's far from ideal.
Thanks
refresh SSL cert/keys files
- Site Admin
- Posts: 2082
- Joined: Tue Sep 29, 2009 6:09 am
Re: refresh SSL cert/keys files
OK, you can execute the following script under "Web admin -> Administrator -> Console":
c_SetOptionInt("domain1",DOPTION_TLS_SESSION_TIMEOUT,3600+(c_GetRandom()%100))
Just replace "domain1" with your own domain name.
- Posts: 3
- Joined: Tue Jan 04, 2022 3:33 pm
Re: refresh SSL cert/keys files
Thank you for the suggestion. So if I want to automate, the recommendation is to use the Lua REST API and call this function to set DOPTION_TLS_SESSION_TIMEOUT. I can't find any documentation on the meaning of this parameter, but it looks strange to set the TLS session timeout to some random value for a certificate update. Could you elaborate?
Thanks!
- Site Admin
- Posts: 2082
- Joined: Tue Sep 29, 2009 6:09 am
Re: refresh SSL cert/keys files
Yes, it is used to manipulate the timeout value for TLS/SSL session caching, and "DOPTION_TLS_SESSION_TIMEOUT" has the default value 3600. If you set it to a different value, the SSL cert/key will be reloaded, so I set it to a random value (3600-3700).
- Posts: 3
- Joined: Tue Jan 04, 2022 3:33 pm
Re: refresh SSL cert/keys files
Thank you, that worked! I decided to use the Task Scheduler task that calls this command after letsencrypt bot execution.