View Single Post
Old 21st December 2020, 22:14   #1
outpostradio
Junior Member
 
Join Date: Sep 2016
Posts: 35
Updating SSL certs in DNAS

Summary: Is there a way to get SC_SERV to use an updated SSL cert without restarting and dropping all listeners?

Several months ago, I started using SSL certificates to support the rapidly increasing use of HTTPS even if I use HTTP on my web pages. That has been working will. However, there is a problem: the certificates from Lets Encrypt expire 3 months from issuance. That is not adjustable. It is easy enough to renew the certificate, but so far, I have not found a way to get SC_SERV to use the updated cert without being restarted and thus dropping all current listeners. Here is what I have tried:

First, I update the certs in the config file. SC_SERV. Example:
sslcertificatefile=/root/certs/listen/fullchain.pem
sslcertificatekeyfile=/root/certs/listen/privkey.pem

Not surprisingly, SC_SERV does not pick up the change.

On the admin web page, I run update. However, the file name shown in view does not change, and the new cert is not used.
I also tried Force, but that too did not change the files shown in view nor active the new cert.

Restarting SC_SERV picked up the new cert.

For completeness, I also tried overwriting the cert files with the new certs, but SC_SERVED did not start using it, even with update or force.
outpostradio is offline   Reply With Quote