InspIRCd v4 is still early in development!
If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.
You probably want to use InspIRCd v3 instead.
The "sslrehashsignal" Module (v4)
This module depends on UNIX-specific features and must be manually enabled at compile time.
If you are building on a UNIX platform you can enable this module using the following command:
./configure --enable-extras sslrehashsignal
Description
This module allows the SIGUSR1
signal to be sent to the server to reload TLS (SSL) certificates.
Configuration
To load this module use the following <module>
tag:
<module name="sslrehashsignal">
This module requires no other configuration.
Signals
Name | Description |
---|---|
SIGUSR1 | Reloads the server's TLS (SSL) certificates. |
Special Notes
Since 3.17.0 InspIRCd ships with a script that you can customise for use as a post-deploy hook with Certbot to automatically reload your TLS (SSL) certificates when they are updated. For users of older versions this script is replicated below.
#!/bin/sh
set -e
# The location your renewal tool places your certificates.
CERT_DIR="/etc/letsencrypt/live/irc.example.com"
# The location of the InspIRCd config directory.
INSPIRCD_CONFIG_DIR="/etc/inspircd"
# The location of the InspIRCd pid file.
INSPIRCD_PID_FILE="/var/run/inspircd/inspircd.pid"
# The user:group that InspIRCd runs as.
INSPIRCD_OWNER="inspircd:inspircd"
if [ -e ${CERT_DIR} -a -e ${INSPIRCD_CONFIG_DIR} ]
then
cp "${CERT_DIR}/fullchain.pem" "${INSPIRCD_CONFIG_DIR}/cert.pem"
cp "${CERT_DIR}/privkey.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
chown ${INSPIRCD_OWNER} "${INSPIRCD_CONFIG_DIR}/cert.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
if [ -r ${INSPIRCD_PID_FILE} ]
then
kill -USR1 $(cat ${INSPIRCD_PID_FILE})
elif [ -d /lib/systemd ] && systemctl --quiet is-active inspircd
then
systemctl kill --signal USR1 inspircd
fi
fi