29 Dub
2019
29 Dub
'19
14:33
On 4/28/19 3:53 PM, Christoph wrote:
- Does kresd need a reload/restart after
the TLS certificate got renewed (by letsencrypt)?
The files currently aren't watched for changes. It will be easiest to
just restart the service, as cache is kept and occasional non-reply
tends to be handled well in DNS (and rotations tend to be rather
infrequent).
- Is there a recommended way to configure the
interaction between
certbot and kresd? (the defaults would not work since kresd - starting
as knot-resolver user will not be able to read certificates owned by root)
I'm not aware of any. You need to restart the kresd service as well, so
I expect you'll need a custom piece of script that handles this in some
way (copy the files and/or change group/owner/permissions).
The documentation under [5] does not cover all fields
in the output of "worker.stats()", it would be great if those
missing fields could be added to the documentation.
[2] links to https:// rocks.moonscript.org but the certificate is for
https://luarocks.org
the document probably meant?
"print(cache.current_storage)"
Thanks. All fixed in
https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/814
--Vladimir