The "sslrehashsignal" Module (v3)
This module depends on UNIX-specific features and must be manually enabled at compile time.
If you are building on a UNIX platform you can enable this module using the following command:
./configure --enable-extras sslrehashsignalDescription
This module allows the SIGUSR1 signal to be sent to the server to reload TLS (SSL) certificates.
Configuration
To load this module use the following <module> tag:
<module name="sslrehashsignal">
This module requires no other configuration.
Signals
| Name | Description |
|---|---|
| SIGUSR1 | Reloads the server's TLS (SSL) certificates. |
Special Notes
If you are using an automated tool such as Certbot for renewing your certificates you may find it useful to use the following script as a deploy hook:
#!/bin/sh
set -e
# The location your renewal tool places your certificates.
CERT_DIR="/etc/letsencrypt/live/irc.example.com"
# The location of the InspIRCd config directory.
INSPIRCD_CONFIG_DIR="/etc/inspircd"
# The location of the InspIRCd pid file.
INSPIRCD_PID_FILE="/var/run/inspircd/inspircd.pid"
# The user:group that InspIRCd runs as.
INSPIRCD_OWNER="inspircd:inspircd"
if [ -e ${CERT_DIR} -a -e ${INSPIRCD_CONFIG_DIR} ]
then
cp "${CERT_DIR}/fullchain.pem" "${INSPIRCD_CONFIG_DIR}/cert.pem"
cp "${CERT_DIR}/privkey.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
chown ${INSPIRCD_OWNER} "${INSPIRCD_CONFIG_DIR}/cert.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
if [ -e ${INSPIRCD_PID_FILE} ]
then
kill -USR1 `cat ${INSPIRCD_PID_FILE}`
fi
fi