Reloading new certs for DNS over HTTPS

Ondřej Surý ondrej at isc.org
Thu Sep 9 16:29:59 UTC 2021


Hi Eric,

Please create a GitLab issue for this. I think the rndc reconfig should pick up the new cert/key, but I am not sure if we have actually implemented this.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 9. 9. 2021, at 17:26, Eric Germann via bind-users <bind-users at lists.isc.org> wrote:
> 
> I’ve implemented DNS over HTTPS on two of my servers to get some experience. I’m using Let's Encrypt as the cert issuer.
> 
> I ran into an issue where it appears named only reads them on init. The cert expired and certbot faithfully renewed it, but named was using the old cert it read at initialization.
> 
> My question is whether an “rndc reconfig” will read the new cert when it reloads the config, or do I have to stop and start named to get it to pick it up?
> 
> Thanks
> 
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
> 
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
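Added example, not part of the original thread and not ISC code: a small monitor for the failure described above, where the certificate on disk has been renewed but the running listener still presents the one it loaded at start. It compares the SHA-256 fingerprint of the leaf certificate in the on-disk PEM file with the one the listener serves; the file path, host and port are supplied by the operator, and the sample certificates are constructed placeholder bytes.

```python
"""Detect a TLS listener still serving a cert that was renewed on disk."""
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 (hex) of the first certificate in a PEM bundle, which is the
    leaf in a certbot-style full-chain file."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def compare(disk_pem: str, served_pem: str) -> dict:
    """Report whether the served leaf differs from the one on disk."""
    disk, served = leaf_fingerprint(disk_pem), leaf_fingerprint(served_pem)
    return {"stale": disk != served, "disk": disk, "served": served}


def fetch_served_pem(host: str, port: int) -> str:
    """Fetch the listener's certificate without validating it, so an
    already expired certificate is still retrieved for comparison."""
    return ssl.get_server_certificate((host, port))


# Constructed sample data: placeholder bytes wrapped as PEM, not real certs.
OLD_LEAF = ssl.DER_cert_to_PEM_cert(b"constructed-old-leaf")
NEW_LEAF = ssl.DER_cert_to_PEM_cert(b"constructed-new-leaf")
CHAIN = ssl.DER_cert_to_PEM_cert(b"constructed-intermediate")

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: check.py CERT_PEM_PATH HOST PORT
        with open(sys.argv[1], encoding="ascii") as fh:
            served = fetch_served_pem(sys.argv[2], int(sys.argv[3]))
            result = compare(fh.read(), served)
    else:  # offline demo: renewed cert on disk, old cert still served
        result = compare(NEW_LEAF + CHAIN, OLD_LEAF)
    print(result)
    sys.exit(1 if result["stale"] else 0)
```

Run from cron or a certbot deploy hook, a non-zero exit status flags that the server has not picked up the renewed certificate.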