You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a recent version of lnd, we added the --tlsautorefresh option which'll rotate any certs on disk on start up, if we detect that the old one was expired, or if we're not quite in sync with the config (the specified extra domains, etc). In certain container set ups, it's also useful to optionally have lnd just shutdown if it detects that its certs are expired, as assuming there's a hypervisor to restart the container/pod, then upon restart, lnd will have fully up to date certs.
Yeah, that looks pretty much how I'd approach this as well.
I don't think there needs to be an additional flag like --tlsautoshutdown, though, as you would enable/disable this by setting --healthcheck.tlscheck.attempts either to non-zero or zero, the same way the disk and backend checks work.
In a recent version of
lnd
, we added the--tlsautorefresh
option which'll rotate any certs on disk on start up, if we detect that the old one was expired, or if we're not quite in sync with the config (the specified extra domains, etc). In certain container set ups, it's also useful to optionally havelnd
just shutdown if it detects that its certs are expired, as assuming there's a hypervisor to restart the container/pod, then upon restart,lnd
will have fully up to date certs.Implementation-wise, this can likely be implemented as a new predicate in the
healthcheck
package.The text was updated successfully, but these errors were encountered: