need restart chasquid when ssl certificate expire #57

Open
i18nsite opened this issue Oct 12, 2024 · 5 comments

i18nsite commented Oct 12, 2024

I found that when the certificate expires, chasquid must be restarted to load the new certificate (the local file has been updated).

Is there any way to avoid such restart?

i18nsite changed the title from "need restart chasquid when ssl expire" to "need restart chasquid when ssl certificate expire" on Oct 12, 2024
albertito self-assigned this on Oct 13, 2024

albertito (Owner) commented

Hi!

There is currently no way to avoid the restart. Implementing it is possible but would add a lot of complexity and I don't think it's a good idea for now.

But if you're using letsencrypt/certbot, it is easy to automate the restart so you never serve with expired certificates: you can add the restart command to /etc/letsencrypt/renewal-hooks/post/restart. The how-to has an example.

I hope this helps! Thank you!

i18nsite commented Oct 14, 2024

I'm worried that restarting will cause the request to send emails to fail. Is there anything similar to nginx reload or pingora graceful restart, so that the restart/hot reload of the configuration does not lose the request?

https://github.com/cloudflare/pingora/blob/main/docs/user_guide/graceful.md

Graceful restart and shutdown
Graceful restart, upgrade, and shutdown mechanisms are very commonly used to avoid errors or downtime when releasing new versions of Pingora servers.

Pingora graceful upgrade mechanism guarantees the following:

A request is guaranteed to be handled either by the old server instance or the new one. No request will see connection refused when trying to connect to the server endpoints.
A request that can finish within the grace period is guaranteed not to be terminated.

albertito (Owner) commented

A chasquid restart won't cause any failures of delivering incoming or outgoing mail.

SMTP is designed to be super tolerant of transient failures and has retries, so even if a connection gets interrupted mid-way, the operation will be automatically retried and the email will be delivered. And chasquid has been written to manage the queue carefully in coordination with this.

So in practice a restart should not cause any delivery issues or loss of emails.

This is different from other protocols like HTTP where a restart can be much more visible to the user.

I agree that live certificate reloading would be nice to have, but it is not needed to operate the server reliably, and it would introduce a significant amount of complexity that I want to be thoughtful about.

Thanks!

i18nsite (Author) commented

I understand, but my usage scenario is in the web API request, using SMTP to directly connect to chasquid to send emails. A chasquid restart may indeed cause some errors. I will add multi-server retry to avoid it.

albertito (Owner) commented

Yeah, it's usually advisable to do client-side retries anyway since any little hiccup (e.g. networking) can cause the connection to break.

And the daemon restarts fast enough that with a simple client side retry you should be well covered.

Thank you!
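
The client-side, multi-server retry discussed in the last comments, as an added example (not code from chasquid or from either participant): a Python submission client that rotates through servers with backoff, retries only broken connections and SMTP 4xx replies, and never turns TLS certificate verification off. The host names, port 587 and all function names are assumptions.

```python
import smtplib
import ssl
import time

# Hypothetical submission endpoints (assumption); use your own chasquid hosts.
SERVERS = [("mail1.example.com", 587), ("mail2.example.com", 587)]


def should_retry(exc):
    """True if another attempt may succeed; False for permanent rejections."""
    if isinstance(exc, smtplib.SMTPResponseException):
        return 400 <= exc.smtp_code < 500   # 4xx temporary, 5xx permanent
    if isinstance(exc, smtplib.SMTPException):
        return isinstance(exc, smtplib.SMTPServerDisconnected)
    # Non-SMTP OSError: refused/reset/timed-out connection (e.g. mid-restart),
    # or a certificate that failed verification. Retrying elsewhere is safe
    # because verification is never switched off.
    return isinstance(exc, OSError)


def send_once(host, port, sender, rcpts, msg, auth=None, timeout=10):
    """One attempt over STARTTLS with full certificate verification."""
    ctx = ssl.create_default_context()      # checks chain, hostname, expiry
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.starttls(context=ctx)
        if auth:
            s.login(*auth)                  # auth is a (user, password) tuple
        s.sendmail(sender, rcpts, msg)


def send_with_retry(sender, rcpts, msg, servers=SERVERS, attempts=4,
                    base_delay=0.5, send=send_once, sleep=time.sleep, **kw):
    """Rotate through servers with exponential backoff; return the host used."""
    last = None
    for n in range(attempts):
        host, port = servers[n % len(servers)]
        try:
            send(host, port, sender, rcpts, msg, **kw)
            return host
        except Exception as exc:
            if not should_retry(exc):
                raise                       # permanent: surface to the caller
            last = exc
            if n + 1 < attempts:
                sleep(base_delay * 2 ** n)  # 0.5s, 1s, 2s, ...
    raise last or ValueError("attempts must be >= 1")
```

If every attempt fails, the last error is raised to the caller, so a certificate that fails verification on all servers shows up as an `ssl.SSLCertVerificationError` rather than being silently bypassed.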
