[Libwebsockets] Reconfigure vhost with certificates.

sas spss sas2016spss at gmail.com
Thu Jun 10 19:48:41 CEST 2021


Popular SSL certificate services like LetsEncrypt.org require renew/update
of SSL certificate every 60 - 90 days. Is there a better way to reload the
new certificate without affecting existing connections ?

Restarting server or calling lws_vhost_destroy() kills all existing
connections and can cause bad user experiences.  Is it possible to create a
new SSL context with the new certificate and then use this new SSL context
to accept and serve new connections ?  Thanks.


On Thu, Jun 3, 2021 at 9:15 PM Andy Green <andy at warmcat.com> wrote:

>
>
> On 6/3/21 5:07 PM, Avigail Wilk wrote:
> > Hi Andy,
> >
> > I am using libwebsocket version 4.2.0.
> >
> > In my system I give the end user the option to upload ssl certificates
> > that will be used for HTTPS.
> >
> > My question is, what is the right way to restart the vhost with the new
> > certificates?
>
> The usual approach routers take is use the new certs on the next reboot.
>
> There are also apis to destroy and create vhosts dynamically.
>
>
> https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h?h=main#n1005-1037
>
>
> >
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20210610/c5293050/attachment.htm>


More information about the Libwebsockets mailing list