OpenResty CPU Spike Issue with SSL Certificate Management

38 views
Skip to first unread message

Prateek mishra {pmis}

unread,
May 22, 2024, 4:40:26 AMMay 22
to openresty-en
Hi everyone ,

I'm using OpenResty, an open-source web server, on Ubuntu Linux. Currently, I'm utilizing Redis to store SSL certificates for all verified domains, totaling around 14,000 certificates. However, over the past few days, I've been encountering CPU spikes in production. Randomly, a large number of openssl genrsa -out /tmp/dehydrated 4096 commands spawn and consume 100% of the CPU for several minutes. This causes my web server to crash, and I'm struggling to understand why.

Despite having set up auto-renewal checks in my NGINX configuration with a check interval of 86400 seconds, this issue persists. Each SSL certificate stored in Redis occupies approximately 12 KB of space.

I'm seeking guidance on why these CPU spikes are occurring and how to address the problem.

Any insights or assistance would be greatly appreciated.

Thank you!
Message has been deleted

Junlong li

unread,
May 22, 2024, 8:23:29 PMMay 22
to openresty-en
You can try OpenResty XRay to find the root cause.

Prateek mishra {pmis}

unread,
May 22, 2024, 10:30:23 PMMay 22
to openre...@googlegroups.com
Hey thanks for response root cause i know I can see that there is alot of open SSL commands are spawning which I have mentioned in my previous mail I am unable to figure out how to resolve this issue.

On Thu, May 23, 2024, 5:51 AM Junlong li <zhuizhu...@gmail.com> wrote:
You can try https://xray.openresyt.com to find the root cause.

On Wednesday, May 22, 2024 at 4:40:26 PM UTC+8 pm6...@gmail.com wrote:

--
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openresty-en...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openresty-en/eee5af58-1825-41e3-bbff-9bb026244096n%40googlegroups.com.

Junlong li

unread,
May 23, 2024, 4:13:10 AMMay 23
to openresty-en
did `openssl genrsa -out /tmp/dehydrated 4096` called by the openresty?
Would you please show the config of   your nginx.conf?
Reply all
Reply to author
Forward
0 new messages