refresh SSL cert/keys files

Please post here if you have problems in using Wing FTP Server.
Post Reply
api2022
Posts: 3
Joined: Tue Jan 04, 2022 3:33 pm

refresh SSL cert/keys files

Post by api2022 »

Good day,

is there a way to automate updating certificate/key files without service interruption and manual actions in admin interface (refresh button)?

I'm using a letsencrypt bot with post script that copies files to all my front facing services, FTP server included. For nginx I use 'nginx -s reload' for example. I see that replacing cert files and server restart does the job (new certs are used), but that's far from ideal.

Thanks
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: refresh SSL cert/keys files

Post by FTP »

OK, you can execute the following script under "Web admin -> Administrator -> Console":
c_SetOptionInt("domain1",DOPTION_TLS_SESSION_TIMEOUT,3600+(c_GetRandom()%100))

Just replace the "domain1" into your own domain name.
api2022
Posts: 3
Joined: Tue Jan 04, 2022 3:33 pm

Re: refresh SSL cert/keys files

Post by api2022 »

Thank you for the suggestion. So if I want to automate the recommendation is to use lua restAPI and call this function to set DOPTION_TLS_SESSION_TIMEOUT. I can't find any documentation on the meaning of this parameter but it looks strange to set TLS session timeout to some random value for certificates update. Could you elaborate?

Thanks!
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: refresh SSL cert/keys files

Post by FTP »

Yes, it is used to manipulate timeout value for TLS/SSL session caching, and "DOPTION_TLS_SESSION_TIMEOUT" has the default value 3600, if you set it into a different value, the SSL cert/key will be reloaded, so I set it into a random value (3600-3700).
api2022
Posts: 3
Joined: Tue Jan 04, 2022 3:33 pm

Re: refresh SSL cert/keys files

Post by api2022 »

Thank you, that worked! I decided to use the Task Scheduler task that calls this command after letsencrypt bot execution.
Post Reply