On Wed, Jun 22, 2016 at 06:22:37PM +0200, Elrond wrote:
> So letting "service prosody reload" (which reloads the
> config, mostly) also reload the certificate would be much
> better, IMHO. It wouldn't disturb existing users but get
> the new certificate for new connections.

That sounds entirely reasonable.

> This isn't the default with prosody, but can be configured:
>
> - You need reload_modules [1] installed and enabled (add it
>   to modules_enabled).
> - Add this to your config:
>     reload_modules = { "tls" }
>
> Now a "service prosody reload" will also reload
> certificates.
>
> That said, it might be good to document that somewhere. A
> place that is somewhat easy to find. TBH I don't know
> which place would be appropriate. README.Debian? It's not
> really Debian-specific after all.

Any reason not to default to this in the default configuration? (And
the default upstream configuration as well, to avoid diverging?)

- Josh Triplett