Certificate renewals

Did something change in how certificate renewals work? I've been using 8.1 with an auto renew script that bundles the cert and chain into /usr/local/bin/ignition/webserver/ssl.pfx with an alias of ignition and password of ignition, then invoking gwcmd.sh --reloadks to apply the new certificate.

This doesn't seem to be working anymore after upgrading to 8.3. The docs don't seem to discuss applying a certificate outside the GUI. At a glance I don't see anything in the API for certificate management either. I could be missing something though.

I think the location changed.

Try $IGNITION/data/config/local/ignition/webserver/keystore/ssl.pfx

That's got it. I removed the file and created a symlink to my ssl.pfx over in my main certs directory. Any reason why that would cause an issue?

Should be okay unless maybe somebody starts using the web UI or API to update the keystore.

Burned by this change of location today when the certificate expired and the renewal wasn’t going to the correct location. Any way to get this location documented at this page

https://www.docs.inductiveautomation.com/docs/8.3/platform/gateway/web-interface/network/web-server-settings/secure-communication-ssl-tls

or update this guide:

https://inductiveautomation.com/resources/article/lets-encrypt-guide-for-ignition

I would still be trying to figure this out if it wasn’t for your post.
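
The renewal flow discussed in this thread (bundle the cert and chain into ssl.pfx, place it at the 8.3 keystore path, reload with gwcmd.sh --reloadks), written out as an added example that is not code from any poster or from Inductive Automation. The alias, password, keystore path and --reloadks come from the posts above; the install directory default, the PEM input arguments and gwcmd.sh sitting in the install directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are illustrative.
set -eu
IGNITION="${IGNITION:-/usr/local/bin/ignition}"   # assumed install directory
KEYSTORE="$IGNITION/data/config/local/ignition/webserver/keystore/ssl.pfx"  # 8.3 path from the thread
KS_ALIAS=ignition   # alias from the thread
KS_PASS=ignition    # password from the thread

# build_pfx FULLCHAIN_PEM KEY_PEM OUT_PFX: bundle leaf, chain and key after sanity checks.
build_pfx() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
  [ "$cert_pub" = "$key_pub" ] || { echo "private key does not match certificate" >&2; exit 1; }
  # Refuse to deploy a leaf that is expired or expires within 24 hours.
  openssl x509 -in "$1" -noout -checkend 86400 >/dev/null ||
    { echo "certificate is expired or about to expire" >&2; exit 1; }
  umask 077   # the bundle contains the private key
  openssl pkcs12 -export -in "$1" -inkey "$2" -name "$KS_ALIAS" \
    -passout "pass:$KS_PASS" -out "$3"
)

# pfx_alias PFX: print the friendlyName (alias) carried by the keystore entry.
pfx_alias() {
  openssl pkcs12 -in "$1" -passin "pass:$KS_PASS" -nokeys -clcerts 2>/dev/null |
    awk -F': ' '/friendlyName/ && !n++ { print $2 }'
}

# install_pfx NEW_PFX DEST: atomic replace. A symlinked DEST (as set up in the
# thread) is resolved first, so the link survives and the real file is swapped.
install_pfx() (
  dest=$(readlink -f "$2") || exit 1
  tmp=$(mktemp "$(dirname "$dest")/.ssl.pfx.XXXXXX") || exit 1
  cp "$1" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest" ||
    { rm -f "$tmp"; exit 1; }
)

# Usage: renew-hook.sh FULLCHAIN_PEM PRIVKEY_PEM   (run as the gateway's service user, assumed)
if [ "$#" -eq 2 ]; then
  staged=$(mktemp)
  build_pfx "$1" "$2" "$staged"
  [ "$(pfx_alias "$staged")" = "$KS_ALIAS" ] || exit 1
  install_pfx "$staged" "$KEYSTORE"
  rm -f "$staged"
  "$IGNITION/gwcmd.sh" --reloadks   # reload command from the thread; script location assumed
fi
```

Because the new file is written with mode 600, the account running the hook must be the one the gateway runs as, or ownership has to be adjusted after install.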