-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
need restart chasquid when ssl certificate expire #57
Comments
Hi! There is currently no way to avoid the restart. Implementing it is possible but would add a lot of complexity and I don't think it's a good idea for now. But if you're using letsencrypt/certbot, it is easy to automate the restart so you never serve with expired certificates: you can add the restart command to I hope this helps! Thank you! |
I'm worried that restarting will cause the request to send emails to fail. Is there anything similar https://github.com/cloudflare/pingora/blob/main/docs/user_guide/graceful.md Graceful restart and shutdown Pingora graceful upgrade mechanism guarantees the following: A request is guaranteed to be handled either by the old server instance or the new one. No request will see connection refused when trying to connect to the server endpoints. |
A chasquid restart won't cause any failures of delivering incoming or outgoing mail. SMTP is designed to be super tolerant of transient failures and has retries, so even if a connection gets interrupted mid-way, the operation will be automatically retried and the email be delivered. And chasquid has been written to manage the queue carefully in coordination with this. So in practice a restart should not cause any delivery issues or loss of emails. This is different from other protocols like HTTP where a restart can be much more visible to the user. I agree that live certificate reloading would be nice to have, but it is not needed to operate the server reliably, and it would introduce a significant amount of complexity that I want to be thoughtful about. Thanks! |
I understand, but my usage scenario is in the web api request, using SMTP to directly connect to chasquid to send emails. Chasquid restart may indeed cause some errors. I will add multi-server retry to avoid it. |
Yeah, it's usually advisable to do client-side retries anyway since any little hiccup (e.g. networking) can cause the connection to break. And the daemon restarts fast enough that with a simple client side retry you should be well covered. Thank you! |
I found that when the certificate expires, chasquid must be restarted to load the new certificate (the local file has been updated).
Is there any way to avoid such restart?
The text was updated successfully, but these errors were encountered: