The "sslrehashsignal" Module (v4)

This module depends on UNIX-specific features and must be manually enabled at compile time.

If you are building on a UNIX platform you can enable this module using the following command:

./configure --enable-extras sslrehashsignal

Description

This module allows the SIGUSR1 signal to be sent to the server to reload TLS (SSL) certificates.

Configuration

To load this module use the following <module> tag:

<module name="sslrehashsignal">

This module requires no other configuration.

Signals

Name Description
SIGUSR1 Reloads the server's TLS (SSL) certificates.

Special Notes

Since 3.17.0 InspIRCd ships with a script that you can customise for use as a post-deploy hook with Certbot to automatically reload your TLS (SSL) certificates when they are updated. For users of older versions this script is replicated below.

#!/bin/sh
set -e

# The location your renewal tool places your certificates.
CERT_DIR="/etc/letsencrypt/live/irc.example.com"

# The location of the InspIRCd config directory.
INSPIRCD_CONFIG_DIR="/etc/inspircd"

# The location of the InspIRCd pid file.
INSPIRCD_PID_FILE="/var/run/inspircd/inspircd.pid"

# The user:group that InspIRCd runs as.
INSPIRCD_OWNER="inspircd:inspircd"

if [ -e ${CERT_DIR} -a -e ${INSPIRCD_CONFIG_DIR} ]
then
    cp "${CERT_DIR}/fullchain.pem" "${INSPIRCD_CONFIG_DIR}/cert.pem"
    cp "${CERT_DIR}/privkey.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"
    chown ${INSPIRCD_OWNER} "${INSPIRCD_CONFIG_DIR}/cert.pem" "${INSPIRCD_CONFIG_DIR}/key.pem"

    if [ -r ${INSPIRCD_PID_FILE} ]
    then
        kill -USR1 $(cat ${INSPIRCD_PID_FILE})
    elif [ -d /lib/systemd ] && systemctl --quiet is-active inspircd
    then
        systemctl kill --signal USR1 inspircd
    fi
fi