TLS certificate renewal strategy (for HTTPS and AMQPS)


Vilius Šumskas

Mar 4, 2026, 8:17:53 AM
to rabbitm...@googlegroups.com

Hello,

 

given all the global certificate changes https://github.com/cabforum/servercert/blob/main/docs/BR.md#42-certificate-application-processing coming in this and next year, I’m wondering what TLS certificate renewal strategy others are going to use for their RabbitMQ servers and clusters?

 

I tried to search for ACME clients which are compatible with RabbitMQ/Erlang but could not find any. In theory I should be able to just overwrite the certificate on disk, however I could not find any information on whether that would be supported on a cluster, where it needs to be done on every cluster node, I assume? Also, running a separate ACME client in a container could be tricky.

 

I’m also wondering whether the RabbitMQ team is planning to implement native ACME support in RabbitMQ itself? A lot of products are starting to introduce this these days, for example https://blog.nginx.org/blog/native-support-for-acme-protocol.

 

What other RabbitMQ users are planning to do?

 

--

   Best Regards,

 

    Vilius Šumskas

    Rivile

    IT manager

 

Loïc Hoguin

Mar 4, 2026, 10:20:49 AM
to rabbitm...@googlegroups.com

Hello,

RabbitMQ should reload certificates if they have changed on disk, so assuming your certificates are stored locally any CLI ACME client should be good enough. See https://www.rabbitmq.com/docs/ssl#rotation

Cheers,


Vilius Šumskas

Mar 4, 2026, 10:25:38 AM
to rabbitm...@googlegroups.com

OK. Did anyone find a good ACME implementation which can be used on a RabbitMQ cluster controlled by the RabbitMQ Operator?

 

--

    Vilius

Mirah Gary

Mar 5, 2026, 4:58:06 AM
to rabbitmq-users
If you are using the cluster operator, then the certificates are stored in Kubernetes secrets. If you update those secrets with updated certificates, then the Kubernetes Secrets Store CSI driver will automatically detect the updated secrets and update the mounted certificates, which will then be automatically picked up by RabbitMQ. This entire process can take up to a minute. So the answer is: use a standard Kubernetes certificate management system like cert-manager and its built-in rotation methods.
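A sketch of the setup described in the last reply, added here as an example and not taken from any poster's configuration: a cert-manager Certificate writes a Secret, and a RabbitmqCluster references that Secret for TLS. The resource names, namespace, DNS name, issuer name and durations are constructed placeholders.

```yaml
# Added example; every name and value below is a constructed placeholder.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: orders-mq-tls
  namespace: messaging
spec:
  secretName: orders-mq-tls     # Secret that cert-manager creates and rewrites at each renewal
  duration: 1080h               # requested lifetime (45 days); the CA may enforce its own
  renewBefore: 360h             # start renewal 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always      # generate a new private key on every renewal
  dnsNames:
    - mq.example.com            # name clients connect to; a public ACME CA will not
                                # issue for cluster-internal names such as *.svc
  issuerRef:
    name: acme-issuer           # hypothetical ClusterIssuer configured for your ACME CA
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: orders-mq
  namespace: messaging
spec:
  replicas: 3
  tls:
    secretName: orders-mq-tls   # same Secret as above; must contain tls.crt and tls.key
```

After a renewal, comparing the expiry date each node's TLS listener presents with the one stored in the Secret confirms that every node picked up the new certificate.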