Rabbitmq reload/refresh new certificates without restart
I am using self-signed certificates in my RabbitMQ server and the broker is started successfully with the SSL port. I am now trying to renew / use new SSL certificates, SSL key and truststore, but I do not want to restart the running RabbitMQ server as my application should run continuously. I checked online for solutions to refresh / reload the Erlang/RabbitMQ SSL certificates at runtime and I stumbled upon a few links where they suggested using rabbitmqctl eval "ssl:stop(), ssl:start()." to reload certs.

The command worked fine and the new SSL certs were refreshed without rabbitmq restart, but the Consumers / connections were RESET because of which my application cannot read the messages from the queues anymore.

Can you please help me with this issue? I'd like to reload the new SSL certificates without restarting my RabbitMQ or application, and RabbitMQ must keep working with my application without any connection reset. If that is not possible, kindly suggest how to re-establish the connections again so that my application runs as expected.

Savil answered 4/7, 2018 at 6:0 Comment(1)
Hey there, let's make this a ''living dead'' post. I have the same question. It seems that after updating the certificate and running ---> rabbitmqctl eval "ssl:stop(), ssl:start()." to reload certs, the prompt returns an OK value. And like you, it seems that connections are RESET and, on top of that, the management interface along with the API are ''broken'' and no longer accessible... Is there a documented way on how to do that? Please note that this is not a clustered installation. Querulous

Turns out newer versions of Erlang auto-update their PEM cache, so all you need to do is put the new certificate in place and then wait for a few minutes.

If you need to force the use of the new certificate sooner, you can use

rabbitmqctl eval 'ssl:clear_pem_cache().'

And this will reload the certificate without disconnecting any publishers or consumers.

Taunton answered 13/8, 2020 at 2:36 Comment(3)
The error I get when I try this is "unable to connect to epmd (port 4369) on {name}.localdomain: nxdomain (non-existing domain)". Still researching to find solutions but do you have any ideas? Widen
@UcheOzoemena still works, you just need to make sure epmd is running: erlang.org/doc/man/epmd.html Taunton
This command (or waiting for a few minutes or even days) does update the certificate but it doesn't update the CA bundle even though it was changed. I did not find how to refresh it without restarting rabbitmq. Unaware
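The answer above says to drop the new PEM files in place and run rabbitmqctl eval 'ssl:clear_pem_cache().', but nothing on the page shows how to confirm that the broker is actually presenting the rotated certificate afterwards. The script below is an added example (not code from the answerer or from the RabbitMQ project) that does that check with the Python standard library only: it reads the server certificate file, computes its SHA-256 fingerprint (the same value openssl x509 -fingerprint -sha256 prints), opens a TLS connection to the broker and compares the served leaf certificate with the file. The host, the AMQPS port 5671, the certificate path and a rabbitmqctl on PATH are assumptions; the clear_pem_cache() call itself is the one from the answer. It only checks the server certificate; as the comment above notes, a changed CA bundle used for client-certificate verification may still require a restart, and this script cannot detect that.

```python
"""Check that RabbitMQ serves a rotated TLS certificate after the PEM cache is cleared.

Added example with constructed assumptions: broker reachable on HOST:5671,
server certificate file readable locally, rabbitmqctl on PATH.
"""
import base64
import hashlib
import re
import socket
import ssl
import subprocess
import sys

# One certificate block inside a PEM file (a chain file contains several; the leaf comes first).
_PEM_BLOCK = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_certs_to_der(pem):
    """Return every certificate in a PEM buffer as DER bytes, in file order."""
    return [base64.b64decode(b"".join(m.group(1).split())) for m in _PEM_BLOCK.finditer(pem)]


def fingerprint(der):
    """SHA-256 over the DER encoding, colon-separated like `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_leaf_der(host, port=5671, timeout=5.0):
    """Fetch the leaf certificate the broker presents on its TLS listener (DER bytes).

    Verification is switched off on purpose: we want to see what is served,
    not decide whether to trust it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def reload_matches(pem_on_disk, served_der):
    """True when the served leaf certificate equals the first certificate in the file."""
    certs = pem_certs_to_der(pem_on_disk)
    if not certs:
        raise ValueError("no CERTIFICATE block found in PEM data")
    return fingerprint(certs[0]) == fingerprint(served_der)


def clear_pem_cache():
    """Ask the running node to drop its PEM cache (the command from the accepted answer)."""
    result = subprocess.run(
        ["rabbitmqctl", "eval", "ssl:clear_pem_cache()."],
        check=True, capture_output=True, text=True,
    )
    return result.stdout.strip()


def main(argv):
    if len(argv) != 3:
        print("usage: check_reload.py <server-cert.pem> <broker-host>", file=sys.stderr)
        return 2
    cert_path, host = argv[1], argv[2]
    with open(cert_path, "rb") as fh:
        pem = fh.read()

    before = served_leaf_der(host)
    if reload_matches(pem, before):
        print("broker already serves the certificate on disk:", fingerprint(before))
        return 0

    print("broker serves", fingerprint(before), "but disk has",
          fingerprint(pem_certs_to_der(pem)[0]), "- clearing PEM cache")
    print("rabbitmqctl:", clear_pem_cache())

    after = served_leaf_der(host)
    if reload_matches(pem, after):
        print("reload confirmed, now serving", fingerprint(after))
        return 0
    print("still serving the old certificate:", fingerprint(after), file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python3 check_reload.py /path/to/server_certificate.pem broker.example (both placeholders). A non-zero exit after the cache clear is the signal that the rotation did not take effect, which is worth alerting on from the same job that rotates the files, since an expired certificate that clients refuse looks, from the application side, exactly like the connection resets the question describes.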
