Refreshing ssl certificates in a cowboy application

Refreshing ssl certificates in a cowboy application

Facundo Olano
Hi! 

We are serving a cowboy web application with certbot/let's encrypt certificates which expire every 90 days. Since the cert files are changing so often, I'm wondering if there's a way to reload them without having to restart the application.

I understand cowboy ultimately uses the Erlang ssl module, so I guess this is not a cowboy specific issue.

Thanks, 
Facundo.

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: Refreshing ssl certificates in a cowboy application

Danil Zagoskin-2
Hi!

OTP's ssl subsystem with default settings reloads the certfile without any extra actions.
See ssl_pem_cache.erl for implementation details.

On Wed, Nov 8, 2017 at 5:44 PM, Facundo Olano <[hidden email]> wrote:
Hi! 

We are serving a cowboy web application with certbot/let's encrypt certificates which expire every 90 days. Since the cert files are changing so often, I'm wondering if there's a way to reload them without having to restart the application.

I understand cowboy ultimately uses the Erlang ssl module, so I guess this is not a cowboy specific issue.

Thanks, 
Facundo.

--
Danil Zagoskin | [hidden email]
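
An added example, not part of the original thread and not code from any poster, OTP or cowboy: a listener set up so the reload behaviour described above applies, plus a hook to force a re-read right after renewal and a check of what is actually being served. It assumes the Cowboy 2.x API (cowboy:start_tls/3); the certbot paths, the example.org name, port 8443 and hello_handler are placeholders.

```erlang
-module(tls_reload_example).
-export([start/0, reload_certs/0, served_not_after/1]).
-include_lib("public_key/include/public_key.hrl").

%% Assumed certbot layout; example.org is a placeholder lineage name.
-define(DIR, "/etc/letsencrypt/live/example.org/").

start() ->
    {ok, _} = application:ensure_all_started(cowboy),
    %% hello_handler is a hypothetical cowboy handler module.
    Dispatch = cowboy_router:compile([{'_', [{"/", hello_handler, []}]}]),
    %% Give ssl file *paths* (certfile/cacertfile/keyfile). The PEM cache
    %% tracks files on disk; a certificate handed over as a DER binary via
    %% the cert/key options stays fixed for the lifetime of the listener.
    TransportOpts = [{port, 8443},
                     {certfile,   ?DIR "cert.pem"},
                     {cacertfile, ?DIR "chain.pem"},
                     {keyfile,    ?DIR "privkey.pem"}],
    cowboy:start_tls(https_listener, TransportOpts,
                     #{env => #{dispatch => Dispatch}}).

%% Call this from the renewal hook (for example over a remote shell or rpc)
%% so new handshakes pick up the renewed files immediately instead of
%% waiting for the cache's own periodic check.
reload_certs() ->
    ssl:clear_pem_cache().

%% Connect to the local listener and return the notAfter field of the
%% certificate it presents, to confirm the renewed one is being served.
%% verify_none is used only because this client inspects the certificate
%% rather than trusting it.
served_not_after(Port) ->
    {ok, Sock} = ssl:connect("localhost", Port, [{verify, verify_none}], 5000),
    {ok, Der} = ssl:peercert(Sock),
    ok = ssl:close(Sock),
    #'OTPCertificate'{tbsCertificate = Tbs} =
        public_key:pkix_decode_cert(Der, otp),
    #'OTPTBSCertificate'{validity = #'Validity'{notAfter = NotAfter}} = Tbs,
    NotAfter.
```

Connections established before the renewal keep the certificate they negotiated with; only new handshakes see the new files.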


Re: Refreshing ssl certificates in a cowboy application

Facundo Olano
I just tested this and indeed it works by default. 

Thanks!

On Wed, Nov 8, 2017 at 12:54 PM, Danil Zagoskin <[hidden email]> wrote:
Hi!

OTP's ssl subsystem with default settings reloads the certfile without any extra actions.
See ssl_pem_cache.erl for implementation details.

On Wed, Nov 8, 2017 at 5:44 PM, Facundo Olano <[hidden email]> wrote:
Hi! 

We are serving a cowboy web application with certbot/let's encrypt certificates which expire every 90 days. Since the cert files are changing so often, I'm wondering if there's a way to reload them without having to restart the application.

I understand cowboy ultimately uses the Erlang ssl module, so I guess this is not a cowboy specific issue.

Thanks, 
Facundo.

--
Danil Zagoskin | [hidden email]


Re: Refreshing ssl certificates in a cowboy application

Loïc Hoguin-3
In reply to this post by Danil Zagoskin-2
Oh good to know, I had no idea. Thanks for the tip.

On 11/08/2017 03:54 PM, Danil Zagoskin wrote:

> Hi!
>
> OTP's ssl subsystem with default settings reloads the certfile without
> any extra actions.
> See ssl_pem_cache.erl for implementation details.
>
> On Wed, Nov 8, 2017 at 5:44 PM, Facundo Olano
> <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>     Hi!
>
>     We are serving a cowboy web application with certbot/let's encrypt
>     certificates which expire every 90 days. Since the cert files are
>     changing so often, I'm wondering if there's a way to reload them
>     without having to restart the application.
>
>     I understand cowboy ultimately uses the Erlang ssl module, so I
>     guess this is not a cowboy specific issue.
>
>     Thanks,
>     Facundo.
>
>
> --
> Danil Zagoskin | [hidden email] <mailto:[hidden email]>
>

--
Loïc Hoguin
https://ninenines.eu

Re: Refreshing ssl certificates in a cowboy application

Max Lapshin-2
We use it for automatic refreshing of letsencrypt certificates. Works well.


Re: Refreshing ssl certificates in a cowboy application

Eric des Courtis-3
That is excellent. We have a situation where we have customers that bring their own domain. Is it possible to add an SSL cert in flight?


On Thu, Nov 9, 2017 at 1:31 AM, Max Lapshin <[hidden email]> wrote:
We use it for automatic refreshing of letsencrypt certificates. Works well.
