-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
service reload / HUP should reload ssl certificate [no downtime] #162
Comments
well done. kh5 actually works that way! thanks. :) |
What is the command to renew the https certificate without downtime ? |
A kill -HUP (PID) should reload the certificate info without a restart, but I seem to have 6 different versions installed and only Icecast 2.4.0-kh15-20211016231513 reloads the certificate when I HUP it. Icecast 2.4.0-kh15-20211016212453 no Is the -20211017011012 part at the end just the build time? That then makes this even more confusing. They are running on different Ubuntu versions, but the first two are the same OS version, one reloads with the -HUP the other doesn't. I'll experiment with installing the latest version to see what's up. Might have to do with an OpenSSL version as well? |
Nevermind. Original: In the future I'll do a test and see just how long it takes to update the certificate on the various machines. |
I turned up error log levels now, as I'm seeing this on the machines that didn't update as expected we=hen -HUP'd:
So this sheds some light with 2.4.0-kh15. But the certificate is good. Stopping and restarting the Icecast process the certificate loads fine. But doing a -HUP gets that warning when the certificate is changed. I'm replying here hoping to help some folks out (even tho this issue is closed). |
letsencrypt regular certificate renew leads to the neccessity to reload the ssl certificate. atm this is only possible with restart.
is there any chance to let icecast reread a new ssl certificate and use it, without disconnecting actual listeners? only new connections should use the new certificate then tho.
please consider this a question, where I do not know enough about SSL, to determine if that asked is technically feasable at all :_)
The text was updated successfully, but these errors were encountered: