
refresh SSL cert/keys files

Posted: Tue Jan 04, 2022 3:38 pm
by api2022
Good day,

is there a way to automate updating certificate/key files without service interruption and manual actions in admin interface (refresh button)?

I'm using a letsencrypt bot with post script that copies files to all my front facing services, FTP server included. For nginx I use 'nginx -s reload' for example. I see that replacing cert files and server restart does the job (new certs are used), but that's far from ideal.

Thanks

Re: refresh SSL cert/keys files

Posted: Wed Jan 05, 2022 1:25 am
by FTP
OK, you can execute the following script under "Web admin -> Administrator -> Console":
c_SetOptionInt("domain1",DOPTION_TLS_SESSION_TIMEOUT,3600+(c_GetRandom()%100))

Just replace "domain1" with your own domain name.

Re: refresh SSL cert/keys files

Posted: Wed Jan 05, 2022 1:58 pm
by api2022
Thank you for the suggestion. So if I want to automate, the recommendation is to use lua restAPI and call this function to set DOPTION_TLS_SESSION_TIMEOUT. I can't find any documentation on the meaning of this parameter, but it looks strange to set the TLS session timeout to some random value for a certificate update. Could you elaborate?

Thanks!

Re: refresh SSL cert/keys files

Posted: Wed Jan 05, 2022 2:28 pm
by FTP
Yes, it is used to manipulate the timeout value for TLS/SSL session caching, and "DOPTION_TLS_SESSION_TIMEOUT" has the default value 3600. If you set it to a different value, the SSL cert/key will be reloaded, so I set it to a random value (3600-3700).

Re: refresh SSL cert/keys files

Posted: Wed Jan 05, 2022 4:08 pm
by api2022
Thank you, that worked! I decided to use a Task Scheduler task that calls this command after letsencrypt bot execution.
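
Added example, not part of the thread and not the FTP server vendor's code: since the reload above is described as being triggered by the option changing to a different value, a post-renewal check that the server really presents the renewed certificate is a useful last step in the scheduled task. The sketch compares the SHA-256 fingerprint of the leaf certificate in the renewed PEM file with the one served over FTPS; explicit FTPS on port 21 is assumed by default, implicit TLS is optional, and the file path and host name are supplied by the caller.

```python
import hashlib
import socket
import ssl
import sys
from ftplib import FTP_TLS

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM file; in a
    Let's Encrypt fullchain.pem the leaf certificate comes first."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port=21, implicit=False, timeout=10):
    """SHA-256 (hex) of the certificate the FTP server presents right now."""
    # Chain validation is off on purpose: the certificate is only fetched,
    # and the decision is made by comparing it with the file on disk.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if implicit:  # TLS from the first byte (commonly port 990)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    else:  # explicit FTPS: plain connect, then AUTH TLS
        ftp = FTP_TLS(context=ctx, timeout=timeout)
        try:
            ftp.connect(host, port)
            ftp.auth()
            der = ftp.sock.getpeercert(binary_form=True)
        finally:
            ftp.close()
    return hashlib.sha256(der).hexdigest()

def reload_took_effect(pem_text, served_hex):
    """True when the served certificate is the renewed one on disk."""
    return leaf_fingerprint(pem_text) == served_hex.lower()

if __name__ == "__main__" and len(sys.argv) >= 3:
    # Usage: check_cert.py <fullchain.pem> <host> [port] [implicit]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 21
    served = served_fingerprint(sys.argv[2], port, "implicit" in sys.argv[4:])
    with open(sys.argv[1], encoding="ascii") as fh:
        ok = reload_took_effect(fh.read(), served)
    print("new certificate is live" if ok else "old certificate still served")
    sys.exit(0 if ok else 1)
```

A non-zero exit code lets the scheduled task raise an alert or fall back to a service restart.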