Open marek-mbiel opened 1 year ago
In step 3, did you close and reopen the webrowser? Do XMPP clients in step 3 receive the certificate from step 2?
@badlop Yes, I reopened browser (I also tried it in incognito window, but same result). Yes, clients received valid cert from step 2 (although already configured invalid cert from step 1).
I see. I get ejabberd using a valid certificate, then copy an expired certificate, and running ejabberdctl reload_config
shows in the log:
2023-03-22 17:00:05.167789+01:00 [warning]
Invalid certificate in
/home/badlop/git/ejabberd/_build/relive/conf/cert.pem:
at line 1: certificate is no longer valid as its expiration date has passed
2023-03-22 17:00:05.168572+01:00 [warning]
Certificate in /home/badlop/git/ejabberd/_build/relive/conf/cert.pem (at line: 1)
for localhost is expired
That new certificate isn't loaded, the old one is still being used.
This seems a feature that doesn't let distracted admins load expired certificates. However, you consider it a problem, because you are confident you want to load the new certificate...
Before creating a ticket, please consider if this should fit the discussion forum better.
Environment
Bug description
Reload of certificate from valid to invalid seems not working.
I expect that once cert is updated although to wrong one, this one is used and not previous cached one.
Thank you. BR, Marek