You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use step-ca to issue certs for my internal sites, and it issues very short-lived certs of 1 day, rather than 90 days you'd get via lets encrypt.
I currently handle that by triggering a service reload to make it notice the change, but that creates a brief outage while that happens.
I was digging around in the plugin, and I noticed that it does check for the certs being updated, using a file date operations, making it very efficient. (nginx_proxy/rootfs/etc/periodic/daily/check_certificate_renewal).
If I just relied on that 'daily' seamless reload, I could experience short periods where the certificate expires, because it was renewed 30 minutes prior to the reload script running...
If that efficient script was hourly instead of daily, I'd not have to manually restart nginx service at all, and could run the heavier cert renew operation every 6 hours... with no downtime to the frontend
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
NGINX Home Assistant SSL proxy
What is the version of the add-on?
3.5.0
Steps to reproduce the issue
use a short-lived CA to retrieve a cert (that lasts 24 hours)
rely on the existing daily reload mechanisms (nginx_proxy/rootfs/etc/periodic/daily/check_certificate_renewal)
experience a race condition where the certificate wasn't updated in time, and certificate expires)
System Health information
There are currently no repairs available
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
No response
Additional information
If this was acceptable I could likely do a PR for it.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Describe the issue you are experiencing
I use step-ca to issue certs for my internal sites, and it issues very short-lived certs of 1 day, rather than 90 days you'd get via lets encrypt.
I currently handle that by triggering a service reload to make it notice the change, but that creates a brief outage while that happens.
I was digging around in the plugin, and I noticed that it does check for the certs being updated, using a file date operations, making it very efficient. (nginx_proxy/rootfs/etc/periodic/daily/check_certificate_renewal).
If I just relied on that 'daily' seamless reload, I could experience short periods where the certificate expires, because it was renewed 30 minutes prior to the reload script running...
If that efficient script was hourly instead of daily, I'd not have to manually restart nginx service at all, and could run the heavier cert renew operation every 6 hours... with no downtime to the frontend
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
NGINX Home Assistant SSL proxy
What is the version of the add-on?
3.5.0
Steps to reproduce the issue
System Health information
There are currently no repairs available
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
No response
Additional information
If this was acceptable I could likely do a PR for it.
The text was updated successfully, but these errors were encountered: