The "sslrehashsignal" Module (v4)
This module depends on UNIX-specific features and must be manually enabled at compile time.
If you are building on a UNIX platform you can enable this module using the following command:
./configure --enable-extras sslrehashsignal
Description
This module allows the SIGUSR1
signal to be sent to the server to reload TLS (SSL) certificates.
Configuration
To load this module use the following <module>
tag:
<module name="sslrehashsignal">
This module requires no other configuration.
Signals
Name | Description |
---|---|
SIGUSR1 | Reloads the server's TLS (SSL) certificates. |
Special Notes
Since 3.17.0 InspIRCd ships with a script that you can customise for use as a post-deploy hook with Certbot to automatically reload your TLS (SSL) certificates when they are updated. For users of older versions this script is replicated below.
#!/bin/sh
set -e
# The location your renewal tool places your certificates.
CERT_DIR="/etc/letsencrypt/live/irc.example.com"
# The location of the InspIRCd config directory.
INSPIRCD_CONFIG_DIR="/etc/inspircd"
# The location of the InspIRCd pid file.
INSPIRCD_PID_FILE="/var/run/inspircd/inspircd.pid"
# The user:group that InspIRCd runs as.
INSPIRCD_OWNER="inspircd:inspircd"
if [ -e ${CERT_DIR} -a -e ${INSPIRCD_CONFIG_DIR} ]
then
cp "${CERT_DIR}/fullchain.pem" "${INSPIRCD_CONFIG_DIR}/cert.pem"
cp "${CERT_DIR}/privkey.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
chown ${INSPIRCD_OWNER} "${INSPIRCD_CONFIG_DIR}/cert.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
if [ -r ${INSPIRCD_PID_FILE} ]
then
kill -USR1 $(cat ${INSPIRCD_PID_FILE})
elif [ -d /lib/systemd ] && systemctl --quiet is-active inspircd
then
systemctl kill --signal USR1 inspircd
fi
fi