So in order to keep it reloading/refreshing and grabbing the latest generated SSL cert and key, this is what I have found so far.
ssl_certificate_by_lua_block {
    local ssl = require "ngx.ssl"

    -- The SNI name is client-supplied and may be absent; only use it in a
    -- file path if it is present and contains hostname characters only.
    local name = ssl.server_name()
    if not name or not name:find("^[%w%.%-]+$") then
        return
    end

    ssl.clear_certs()
    local ssl_cert_and_key_directory = "/etc/httpsacme-v01.api.letsencrypt.org/"

    -- load cert from SNI (binary mode, the data is DER)
    local f = assert(io.open(ssl_cert_and_key_directory .. name .. ".der", "rb"))
    local cert_data = f:read("*a")
    f:close()

    -- set cert
    local ok, err = ssl.set_der_cert(cert_data)
    if not ok then
        ngx.log(ngx.ERR, "failed to set DER cert: ", err)
        return
    end

    -- load key from SNI
    f = assert(io.open(ssl_cert_and_key_directory .. name .. ".key", "rb"))
    local pkey_data = f:read("*a")
    f:close()

    -- set key
    ok, err = ssl.set_der_priv_key(pkey_data)
    if not ok then
        ngx.log(ngx.ERR, "failed to set DER private key: ", err)
        return
    end
}
These are the certificate and key files I have to choose from, but I notice the Lua syntax says DER and these files that were generated by my letsencrypt are all PEM format.
https://cloud.githubusercontent.com/assets/12204587/24085357/84e08b68-0cf2-11e7-860d-a2f5fb48e3bf.png
The chain file is PEM; the only DER file is this one: "networkflare.com-crt"
On Monday, 20 March 2017 16:03:01 UTC, rpaprocki wrote:
Hi,
On Mon, Mar 20, 2017 at 5:22 AM, c0nw0nks via openresty-en
<openre...@googlegroups.com> wrote:
Hey there,
Thanks for the info and links.
I see they use this
ssl_certificate_by_lua_block {
I take it with that Lua directive I can just define ssl_cert_path_to_certificate and ssl_key_path_to_key to use, that would load any dynamically changing certificate and key from the directory I specify on the fly in a non-blocking manner. Does anyone have an example?
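
The PEM/DER mismatch raised in the post above, as an added example that is not part of the original thread: the body of an ssl_certificate_by_lua_block that converts PEM files with ngx.ssl's cert_pem_to_der and priv_key_pem_to_der and caches the DER result, so files are read only on a cache miss. The shared dict name cert_cache, the .pem/.key file suffixes and the 60-second TTL are assumptions.

```lua
-- Added example: body for ssl_certificate_by_lua_block.
-- Assumes `lua_shared_dict cert_cache 1m;` in http {} and files named
-- <dir>/<sni>.pem (cert chain) and <dir>/<sni>.key (PEM private key).
local ssl = require "ngx.ssl"

local dir = "/etc/httpsacme-v01.api.letsencrypt.org/"  -- directory from the post
local cache = ngx.shared.cert_cache                    -- assumed dict name
local TTL = 60  -- seconds; a renewed cert is picked up within this window

local function read_file(path)
    local f, err = io.open(path, "rb")
    if not f then return nil, err end
    local data = f:read("*a")
    f:close()
    return data
end

-- Return DER data for name..suffix, converting from PEM on a cache miss.
local function load_der(name, suffix, to_der)
    local key = name .. suffix
    local der = cache:get(key)
    if der then return der end
    local pem, err = read_file(dir .. key)
    if not pem then return nil, err end
    der, err = to_der(pem)
    if not der then return nil, err end
    cache:set(key, der, TTL)  -- best effort; a full dict just means a re-read
    return der
end

local name = ssl.server_name()
-- SNI is client-supplied: allow hostname characters only before building a path.
if not name or not name:find("^[%w%.%-]+$") then
    return  -- keep the statically configured ssl_certificate
end

local cert, cerr = load_der(name, ".pem", ssl.cert_pem_to_der)
local pkey, kerr = load_der(name, ".key", ssl.priv_key_pem_to_der)
if not cert or not pkey then
    ngx.log(ngx.ERR, "no usable cert/key for ", name, ": ", cerr or kerr)
    return  -- nothing cleared yet, so the fallback certificate is still served
end

-- Clear the fallback only once both replacements are in hand.
local ok, err = ssl.clear_certs()
if ok then ok, err = ssl.set_der_cert(cert) end
if ok then ok, err = ssl.set_der_priv_key(pkey) end
if not ok then
    ngx.log(ngx.ERR, "failed to install cert for ", name, ": ", err)
    return ngx.exit(ngx.ERROR)
end
```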