
Bug #1397

SSL Cert+Key not reloaded on systemd "reload" action

Added by bongo about 8 years ago. Updated over 7 years ago.

Status: New
Priority: High
Assignee: -
Category: -
Target version: -
Start date: 02/04/2016
Due date: -
% Done: 0%
Estimated time: -
Version: 0.10.0
OS: Linux

Description

I am using https://github.com/hlandau/acme to renew my Let's Encrypt certificates.
This script does systemctl reload $name.service on each configured service.

Quasselcore does not re-read the given quasselCert.pem and therefore fails to establish a valid secure connection to the clients.

This action should not require restarting the service and commonly works with all webservers, load balancers, etc.

History

#1 Updated by bongo about 8 years ago

Steps to reproduce:

  1. stop quasselcore
  2. (re)move /var/lib/quasselcore/quasselCert.pem
  3. start quasselcore
  4. connect with client => "core does not support SSL" warning appears
  5. reload quasselcore
  6. connect with client => "core does not support SSL" warning STILL appears

#2 Updated by TC01 about 8 years ago

bongo wrote:

I am using https://github.com/hlandau/acme to renew my Let's Encrypt certificates.
This script does systemctl reload $name.service on each configured service.

Quasselcore does not re-read the given quasselCert.pem and therefore fails to establish a valid secure connection to the clients.

This action should not require restarting the service and commonly works with all webservers, load balancers, etc.

FYI: quassel upstream doesn't ship a systemd service file. I think, anyway.

Having said that, you're absolutely right that it should be possible to tell quassel to re-read the SSL cert without restarting it. However, I'm not sure how possible this is at the moment without implementing some kind of management interface for the core.

#3 Updated by bongo about 8 years ago

@TC01: Debian 8 or systemd has some type of compatibility layer making it possible to still use SysV scripts, though it's not appreciated.

#4 Updated by digitalcircuit over 7 years ago

Quassel now supports reloading SSL certificates via kill -SIGHUP $QUASSEL_PID in the latest git master code (commit hash 25a3ae50ac0d9835283e4f5f10fcfcc10ed5575d). See merged pull request #208 for more details: https://github.com/quassel/quassel/pull/208

Quassel's init script will need to be changed to use this command in order to support reloading via service quasselcore reload or whatnot.
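As an added illustration of the change comment #4 asks for (not part of this thread and not a file shipped by the Quassel project, which per comment #2 ships no systemd unit), this is a systemd drop-in that wires the distribution's reload action to the SIGHUP handler. It assumes the distro's unit is named quasselcore.service and that the core runs a build containing the referenced commit; $MAINPID is the standard systemd variable for the service's main process, so no PID file handling is needed.

```ini
# /etc/systemd/system/quasselcore.service.d/reload.conf  (assumed unit name)
# Override only the reload action of the distro-provided quasselcore.service.
# Requires a core built from git master with the SIGHUP support from
# https://github.com/quassel/quassel/pull/208; older cores ignore the signal
# and keep serving the stale certificate.
[Service]
ExecReload=/bin/kill -HUP $MAINPID
```

After placing the file, run systemctl daemon-reload once so systemd picks up the drop-in; from then on systemctl reload quasselcore.service (what the ACME hook in the report issues) sends SIGHUP instead of failing because the unit defines no ExecReload. Confirm the new certificate is actually in use by reconnecting with a client and inspecting the presented certificate, since an ignored signal produces no error from systemctl.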
