 

Is it possible to update an SSL cert without restarting the server?

I'd like to update the SSL certificates on a Node.js http2 server without restarting (to avoid any downtime). Also, I don't want to use any 3rd-party modules for this work, only pure Node.js. Is it possible?

Right now, when the certificate is about to expire, I just restart the script.

const fs = require('fs');
const http2 = require('http2');
const server = http2.createSecureServer({
  ca: fs.readFileSync('chain.pem'),
  cert: fs.readFileSync('cert.pem', 'utf8'), // fullchain
  key: fs.readFileSync('privkey.pem', 'utf8'),
  allowHTTP1: true,
});
server.listen(443);

I expect to be able to watch whether the cert files were updated (using fs.watch(), for example) and to update the certificates in the http2 server on the fly...

user3742227 asked Jul 23 '19 17:07




2 Answers

As mentioned by Jake, setSecureContext() does the magic. It seems it can update the certificate without breaking current connections. Something like:

// One-shot timer: after 86400000 ms (24 h) re-read the PEM files and swap them
// into the running server. New connections get the new context; connections
// that are already open keep the old one.
setTimeout(function () {
  server.setSecureContext({
    ca: fs.readFileSync('chain.pem'),
    cert: fs.readFileSync('cert.pem', 'utf8'), // fullchain
    key: fs.readFileSync('privkey.pem', 'utf8')
  });
}, 86400000);
user3742227 answered Nov 15 '22 08:11


Yes, you can just use SNICallback():

const fs = require('fs');
const tls = require('tls');
const http2 = require('http2');
const server = http2.createSecureServer({
  ca: fs.readFileSync('chain.pem'),
  cert: fs.readFileSync('cert.pem', 'utf8'), // fullchain
  key: fs.readFileSync('privkey.pem', 'utf8'),
  allowHTTP1: true,
  // Runs on every handshake that carries SNI; it must hand back a
  // SecureContext (not the server object), built here from the current files.
  SNICallback: (servername, cb) => {
    // here you can even change up the `SecureContext`
    // based on `servername` if you want
    cb(null, tls.createSecureContext({
      ca: fs.readFileSync('chain.pem'),
      cert: fs.readFileSync('cert.pem', 'utf8'), // fullchain
      key: fs.readFileSync('privkey.pem', 'utf8'),
    }));
  }
});
server.listen(443);

This may be a bit outdated, so try it out and ask me if anything doesn't work, because the solution source code that I found here is a bit different.

Kenzoid answered Nov 15 '22 07:11