TLS certificate renewal strategy (for HTTPS and AMQPS)

[Vilius Šumskas]

Hello,

 

given all the global certificate changes https://github.com/cabforum/servercert/blob/main/docs/BR.md#42-certificate-application-processing  coming in this and next year, I’m wondering what TLS certificate renewal strategy others are going to use for their RabbitMQ servers and clusters?

 

I tried to search for ACME clients which are compatible with RabbitMQ/Erlang but could not find any. In theory I should be able to just overwrite certificate on disk, however I could not find any information if that would be supported on a cluster, where it needs to be done on every cluster node I assume? Also, running separate ACME client in a container could be tricky.

 

I’m also wondering maybe RabbitMQ team is planning to implement native ACME support in RabbitMQ itself? A lot of products are starting to introduce this these days, for example https://blog.nginx.org/blog/native-support-for-acme-protocol .

 

What other RabbitMQ users are planning to do?

 

--

   Best Regards,

 

    Vilius Šumskas

    Rivile

    IT manager

 

[Loïc Hoguin]

Hello,

RabbitMQ should reload certificates if they have changed on disk, so assuming your certificates are stored locally any CLI ACME client should be good enough. See https://www.rabbitmq.com/docs/ssl#rotation

Cheers,

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/rabbitmq-users/AM7PPF82C4D6F8FF83C05052DDCD9110430927CA%40AM7PPF82C4D6F8F.eurprd01.prod.exchangelabs.com.