Certificate renewals

Ignition 8.3 Early Access
1

Did something change in how certificate renewals work? I've been using 8.1 with an auto renew script that bundles the cert and chain into /usr/local/bin/ignition/webserver/ssl.pfx with an alias of ignition and password of ignition, then invoking gwcmd.sh --reloadks to apply the new certificate.

This doesn't seem to be working anymore after upgrading to 8.3. The docs don't seem to discuss applying a certificate outside the GUI. At a glance I don't see anything in the API for certificate management either. I could be missing something though.

2

I think the location changed.

Try $IGNITION/data/config/local/ignition/webserver/keystore/ssl.pfx

1 Like
3

That's got it. I removed the file and created a symlink to my ssl.pfx over in my main certs directory, any reason why that would cause an issue?

4

Should be okay unless maybe somebody starts using the web UI or API to update the keystore.

1 Like