Live SSL certificate reload

Open toots opened this issue 4 months ago • 2 comments

Discussed in https://github.com/savonet/liquidsoap/discussions/3759

Originally posted by gAlleb February 21, 2024

Hello there, friends!

I've got a question regarding the process of cert renewal when it's included into liquidsoap. Here is the logic:

I've got a function with harbor

def json_data(request) =
   some function
end

transport = http.transport.ssl(
  certificate="/home/radio/ssl/fullchain.pem",
  key="/home/radio/ssl/privkey.pem"
)
harbor.http.register.simple(transport=transport,port=8007, method="GET", "/liquidsoap", json_data)

So it reads my certs and works. When it's time to renew the certs - I have the following hook for liquidsoap certs and icecast as well (inside certbot):

post_hook = cat /etc/letsencrypt/live/www.radio/fullchain.pem /etc/letsencrypt/live/www.radio/privkey.pem > /etc/icecast2/cert.pem && service icecast2 restart && cp /etc/letsencrypt/live/www.radio/fullchain.pem /home/radio/ssl && cp /etc/letsencrypt/live/www.radio/privkey.pem /home/radio/ssl && chown -R radio:radio /home/radio/ssl 

What's next? Should I restart liquidsoap and add a command for that? Cause I don't want to restart it :))

Any other option besides hiding behind proxy? (Cause now I'm having all of this proxied through dedicated domain on 443) Don't know why I need this just wanna know the logic. Does Liquidsoap "watch" cert files? If it doesn't maybe there should be an option for that?

Thank you!!!

toots, Feb 21 '24 15:02