nginx / njs-acme

Nginx NJS module runtime to work with ACME providers like Let's Encrypt for automated no-reload TLS certificate issue/renewal.
Apache License 2.0

fixes #50 - purge cached cert/key when a replacement is received #51

Closed zsteinkamp closed 5 months ago

zsteinkamp commented 5 months ago

Proposed changes

Fixes Issue #50 - Purge cached cert/key from shared dictionary zone (if applicable) when we receive a replacement. This allows for on-the-fly certificate reconfiguration (e.g. adding a domain) by using nginx -s reload.

Thank you @NetForce1 for raising the issue and your clarity in describing the symptoms and repro case.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

Confirmation of fix

Before: 2 hosts in certificate (screenshot)

Reload nginx (via docker compose exec nginx bash) (screenshot)

nginx-1   | 2024/03/22 20:34:35 [info] 24#24: js: njs-acme: [auto] Renewing certificate because the hostnames in the certificate (proxy.nginx.com, proxy2.nginx.com) do not match the configured njs_acme_server_names (proxy.nginx.com)

After: 1 host in certificate (screenshot)
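The purge-on-replacement logic this PR describes, as an added illustration that is not njs-acme's own code: the shared-dict stand-in (get/set/delete), the cache key and the issuer are assumptions; the hostname comparison mirrors the log line above.

```javascript
// Added example (not njs-acme's own code). A cached cert/key pair lives in a
// shared-dict-like store; when the hostnames in the cached certificate no
// longer match the configured njs_acme_server_names, the stale entry is
// purged and a replacement is issued, so `nginx -s reload` picks up the change.

// Minimal stand-in for an nginx shared dict zone (assumed interface only).
class FakeSharedDict {
  constructor() { this.store = new Map(); }
  get(key) { return this.store.has(key) ? this.store.get(key) : undefined; }
  set(key, value) { this.store.set(key, value); return true; }
  delete(key) { return this.store.delete(key); }
}

// Normalise a hostname list so order, case and duplicates do not trigger renewals.
function normalise(names) {
  return [...new Set(names.map((n) => n.trim().toLowerCase()))].sort();
}

// True when the certificate's hostnames differ from the configured names.
function hostnamesMismatch(certHostnames, configuredNames) {
  const a = normalise(certHostnames);
  const b = normalise(configuredNames);
  return a.length !== b.length || a.some((n, i) => n !== b[i]);
}

// Returns the cert/key to serve. `issue` stands in for the ACME issuance step
// (assumption) and must return { cert, key, hostnames }.
function getCertificate(dict, cacheKey, configuredNames, issue) {
  const cached = dict.get(cacheKey);
  if (cached && !hostnamesMismatch(cached.hostnames, configuredNames)) {
    return { entry: cached, renewed: false };
  }
  if (cached) {
    // Without this purge the stale cert/key kept being served after a reload.
    dict.delete(cacheKey);
  }
  const fresh = issue(normalise(configuredNames));
  dict.set(cacheKey, fresh);
  return { entry: fresh, renewed: true };
}

// Constructed issuer: fakes a certificate covering exactly the requested names.
function fakeIssue(hostnames) {
  const list = hostnames.join(',');
  return { cert: `CERT(${list})`, key: `KEY(${list})`, hostnames };
}
```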

zsteinkamp commented 5 months ago

I'll bump the versions after the next PR. Thanks @ryepup !

NetForce1 commented 5 months ago

Thanks for the swift actions @zsteinkamp

This allows for on-the-fly certificate reconfiguration (e.g. adding a domain) by using nginx -s reload.

I just wanted to add (for future searchers :-) ) that this was not only a problem for adding a domain, but also for the renewal.