liquidsoap
liquidsoap copied to clipboard
Live SSL certificate reload
Discussed in https://github.com/savonet/liquidsoap/discussions/3759
Originally posted by gAlleb February 21, 2024 Hello there, friends!
I've got a question regarding the process of cert renewal when it's included into liquidsoap. Here is the logic:
I've got a fucntion with harbor
def json_data(request) =
some function
end
transport = http.transport.ssl(
certificate="/home/radio/ssl/fullchain.pem",
key="/home/radio/ssl/privkey.pem"
)
harbor.http.register.simple(transport=transport,port=8007, method="GET", "/liquidsoap", json_data)
So it reads my certs and works. When it's time to renew the certs - I have a following hook for liquidsoap certs and icecast as well (inside certbot):
post_hook = cat /etc/letsencrypt/live/www.radio/fullchain.pem /etc/letsencrypt/live/www.radio/privkey.pem > /etc/icecast2/cert.pem && service icecast2 restart && cp /etc/letsencrypt/live/www.radio/fullchain.pem /home/radio/ssl && cp /etc/letsencrypt/live/www.radio/privkey.pem /home/radio/ssl && chown -R radio:radio /home/radio/ssl
What's next? Should I restart liquidsoap and add a command for that? Cause I don't want to restart it :))
Any other option beside hiding behind proxy? (Cause now I'm having all of this proxied through dedicated domain on 443) Don't know why I need this just wanna know the logic. Does Liquidsoap "watch" cert files? If it dosen't may be there should be an option for that?
Thank you!!!