Initial testing looks ok. You can see the patchset here https://github.com/rrb3942/opensips/tree/tls_mgm_reload
On Thu, Nov 13, 2025 at 3:56 PM Matthew Schumacher <[email protected]> wrote: > That’s helpful. If you message me the patch when you have it, I can help > test. > > On Nov 13, 2025, at 9:39 AM, Ryan Bullock <[email protected]> wrote: > > > Hey Matt, > > OpenSIPs currently only supports tls_reload for domains managed in a > database. Coincidentally I started a patch set earlier this week to allow > reloading the keys, certificates, etc for domains defined in the config > script. No ETA on a pull request yet, it is still in testing mode. > > On Wed, Nov 12, 2025 at 10:00 PM Matthew Schumacher <[email protected]> wrote: > >> Hello All, >> >> I have a 3.2 server where I can't reload certs. Is this because I'm not >> storing the certs in a database? How can I work around this? The server >> is never idle enough for me to restart and my cert expires in a few >> days. Am I forced to kick people off to restart? Also, is there a way >> to tell opensips to not accept any new calls? I'm not sure how much that >> will help, but it would be good to know. >> >> Thanks! >> >> >> root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg >> -x mi tls_reload >> ERROR: command 'tls_reload' returned: 500: DB url not set >> >> root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg >> -x mi tls_list >> { >> "Domains": [ >> { >> "name": "client", >> "type": "TLS_DOMAIN_CLI", >> "IP ADDRESS FILTERS": [ >> "*" >> ], >> "SIP DOMAIN FILTERS": [ >> "*" >> ], >> "METHOD": "TLSv1_2", >> "VERIFY_CERT": true, >> "REQ_CLI_CERT": false, >> "CRL_CHECKALL": false, >> "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt", >> "CRL_DIR": "", >> "CA_FILE": "/etc/ssl/certs/ca-certificates.crt", >> "CA_DIR": "/etc/pki/CA/", >> "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key", >> "CIPHER_LIST": "", >> "DH_PARAMS_FILE": "", >> "EC_CURVE": "" >> }, >> { >> "name": "server", >> "type": "TLS_DOMAIN_SRV", >> "IP ADDRESS FILTERS": [ >> "x.x.x.x:5061", >> "y.y.y.y:5061" >> ], >> "SIP DOMAIN FILTERS": [ >> "*" >> ], >> "METHOD": "TLSv1_2", >> "VERIFY_CERT": false, >> "REQ_CLI_CERT": true, >> "CRL_CHECKALL": false, >> "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt", >> "CRL_DIR": "", >> "CA_FILE": "/etc/ssl/certs/ca-certificates.crt", >> "CA_DIR": "/etc/pki/CA/", >> "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key", >> "CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4", >> "DH_PARAMS_FILE": "", >> "EC_CURVE": "" >> } >> ] >> } >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
