InspIRCd v4 is still early in development!

If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.

You probably want to use InspIRCd v3 instead.

The "sslrehashsignal" Module (v4)

This module depends on UNIX-specific features and must be manually enabled at compile time.

If you are building on a UNIX platform you can enable this module using the following command:

./configure --enable-extras sslrehashsignal

Description

This module allows the SIGUSR1 signal to be sent to the server to reload TLS (SSL) certificates.

Configuration

To load this module use the following <module> tag:

<module name="sslrehashsignal">

This module requires no other configuration.

Signals

Name Description
SIGUSR1 Reloads the server's TLS (SSL) certificates.

Special Notes

Since 3.17.0 InspIRCd ships with a script that you can customise for use as a post-deploy hook with Certbot to automatically reload your TLS (SSL) certificates when they are updated. For users of older versions this script is replicated below.

#!/bin/sh
set -e

# The location your renewal tool places your certificates.
CERT_DIR="/etc/letsencrypt/live/irc.example.com"

# The location of the InspIRCd config directory.
INSPIRCD_CONFIG_DIR="/etc/inspircd"

# The location of the InspIRCd pid file.
INSPIRCD_PID_FILE="/var/run/inspircd/inspircd.pid"

# The user:group that InspIRCd runs as.
INSPIRCD_OWNER="inspircd:inspircd"

if [ -e ${CERT_DIR} -a -e ${INSPIRCD_CONFIG_DIR} ]
then
    cp "${CERT_DIR}/fullchain.pem" "${INSPIRCD_CONFIG_DIR}/cert.pem"
    cp "${CERT_DIR}/privkey.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
    chown ${INSPIRCD_OWNER} "${INSPIRCD_CONFIG_DIR}/cert.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"

    if [ -r ${INSPIRCD_PID_FILE} ]
    then
        kill -USR1 $(cat ${INSPIRCD_PID_FILE})
    elif [ -d /lib/systemd ] && systemctl --quiet is-active inspircd
    then
        systemctl kill --signal USR1 inspircd
    fi
fi