Tweet
Summary: Is there a way to get SC_SERV to use an updated SSL cert without restarting and dropping all listeners?
Several months ago, I started using SSL certificates to support the rapidly increasing use of HTTPS even if I use HTTP on my web pages. That has been working will. However, there is a problem: the certificates from Lets Encrypt expire 3 months from issuance. That is not adjustable. It is easy enough to renew the certificate, but so far, I have not found a way to get SC_SERV to use the updated cert without being restarted and thus dropping all current listeners. Here is what I have tried:
First, I update the certs in the config file. SC_SERV. Example:
sslcertificatefile=/root/certs/listen/fullchain.pem
sslcertificatekeyfile=/root/certs/listen/privkey.pem
Not surprisingly, SC_SERV does not pick up the change.
On the admin web page, I run update. However, the file name shown in view does not change, and the new cert is not used.
I also tried Force, but that too did not change the files shown in view nor active the new cert.
Restarting SC_SERV picked up the new cert.
For completeness, I also tried overwriting the cert files with the new certs, but SC_SERVED did not start using it, even with update or force.
Several months ago, I started using SSL certificates to support the rapidly increasing use of HTTPS even if I use HTTP on my web pages. That has been working will. However, there is a problem: the certificates from Lets Encrypt expire 3 months from issuance. That is not adjustable. It is easy enough to renew the certificate, but so far, I have not found a way to get SC_SERV to use the updated cert without being restarted and thus dropping all current listeners. Here is what I have tried:
First, I update the certs in the config file. SC_SERV. Example:
sslcertificatefile=/root/certs/listen/fullchain.pem
sslcertificatekeyfile=/root/certs/listen/privkey.pem
Not surprisingly, SC_SERV does not pick up the change.
On the admin web page, I run update. However, the file name shown in view does not change, and the new cert is not used.
I also tried Force, but that too did not change the files shown in view nor active the new cert.
Restarting SC_SERV picked up the new cert.
For completeness, I also tried overwriting the cert files with the new certs, but SC_SERVED did not start using it, even with update or force.
Comment