It is very convenient to renew certificates using Let's Encrypt or ZeroSSL nowadays. When certs get renewed, you need to tell every server using them that it should reload them.
To do that, there has been a standard way for many centuries: kill -SIGHUP
Bash:
certprocesses="nginx,apache2,openresty,dovecot,master,postfix,courier,httpd,pveproxy,proxmox-backup-proxy"
pslist="$(ps -C $certprocesses -o pid=)" && kill -SIGHUP ${pslist:+$pslist}
The advantage is, for instance, that if Apache was started in some terminal, not as a service, it will still reload certs. It is a fool-proof, bullet-proof way to do this without interrupting any service. The existing workers continue their service, no connection gets interrupted, and only new worker threads use the new certs. Once every old worker is gone, the reload is complete and no one should even notice (except when checking certs).
But I had to discover that pveproxy and proxmox-backup-proxy just completely shut down when getting a SIGHUP signal! I'd really like to use the standard SIGHUP way to reload certs for these services too, and I can't see a reason why the behaviour is this way. In my eyes it seems to be completely broken.
1. Is there a way to do a graceful reload of certs for the services pveproxy and proxmox-backup-proxy?
2. Is it possible to change the behaviour of the two proxies if they don't support the graceful reload (like every other service on earth seems to do!), so that they at least do not completely shut down, but restart on SIGHUP?
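A check that fits the behaviour reported above, as an added example that is not part of the original post: before a process name goes into a blanket SIGHUP list, probe one instance on a test host and see whether it is still running afterwards. The function names are hypothetical, and the script assumes Linux with /proc mounted.

```sh
#!/bin/sh
# Added example (not from the original post): probe how one process reacts to SIGHUP.
# Linux only: reads /proc/<pid>/status so that an exited-but-unreaped (zombie)
# process is not mistaken for a survivor, which a plain `kill -0` would do.

# proc_state PID -> prints the one-letter state (R, S, Z, ...) or nothing if gone
proc_state() {
    sed -n 's/^State:[[:space:]]*\(.\).*/\1/p' "/proc/$1/status" 2>/dev/null
}

# is_running PID -> 0 if the process exists and is not a zombie
is_running() {
    case "$(proc_state "$1")" in
        ''|Z) return 1 ;;
        *)    return 0 ;;
    esac
}

# hup_and_check PID [WAIT_SECONDS]
#   0 = still running after SIGHUP (it handled or ignored the signal)
#   1 = exited after SIGHUP (the signal acted as a shutdown)
#   2 = not running beforehand, or the signal could not be delivered
hup_and_check() {
    hc_pid=$1
    hc_wait=${2:-1}
    is_running "$hc_pid" || return 2
    kill -HUP "$hc_pid" 2>/dev/null || return 2
    sleep "$hc_wait"
    is_running "$hc_pid" && return 0
    return 1
}
```

A return value of 0 only shows that the process survived the signal; whether it now serves the renewed certificate still has to be checked separately.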