Davs/http read new certificate


#1

When using http or davs I use a letsencrypt certificate that gets renewed monthly. Is there a way to tell rclone to re-read that certificate rather than cache the old one? The only way I’ve found is to kill and restart rclone. If not, can we implement a way to do it either with an interval or a kill command?


#2

Let me just make sure I’ve got this straight

  • You start rclone
  • The server’s letsencrypt certificate gets updated
  • rclone doesn’t notice
  • bad stuff happens

Do you have a log message for the error? If I can have that then I can dig into this a bit more.


#3

It’s more like this:

  • rclone gets started
  • letsencrypt gets updated
  • https site still shows old certificate (which could be expired or withdrawn)

I don’t think rclone will care and there will be nothing in the logs, but browsers will care since it’s showing the old certificate. Perhaps I didn’t wait long enough for it to refresh the certificate from disk?

With nginx, for example, when the certificate was updated you’d have to SIGHUP the process for it to relook at the new certificate. I assumed the same would be for rclone http in that it won’t recognize that the certs were updated in the files on disk.


#4

Oh, I see, you are using rclone serve http or rclone serve webdav and getting letsencrypt to update the certificate that it is using.

You are right, at the moment rclone will not re-read the certificate.

It is possible with a bit of complexity to do this in a seamless fashion.

What do you think - worth implementing? If so please make a new issue on github - thanks!


#5

I’ve created one. Another idea would be to have something we can call from the remote control daemon to force the re-read. Code-wise I’m not sure which is easier.


#6

Thanks for creating the issue. And for rc vs re-read it is probably about a wash in terms of code complexity so I thought re-read was more useful in general.