Comment by yjftsjthsd-h
2 days ago
Why would that matter? Replacing the cert and sighup'ing nginx or whatever isn't functionally different from doing it in-process.
2 days ago
Why would that matter? Replacing the cert and sighup'ing nginx or whatever isn't functionally different from doing it in-process.
As someone who has rolled my own cert updates and used Caddy, I much prefer the Caddy way.
I'm happy to agree that caddy is easier, but the claim here is that it's "tuned for short-lived certificates", which... I guess could be true, but I seriously doubt that it's meaningful (on the basis that reloading certs isn't exactly expensive on any other major web server, so even if the most obvious interpretation is true and the made it take, say, 100 ms instead of 1000 ms, but we're talking about reloading every few days, who cares?).
Oh, my, yes it is :) (I don't have time to elaborate on this again right now, unfortunately.)
You have a link to a previous discussion on this? I'm curious if there is some hidden thing occurring or if just connection resets are happening or something else you are aware of.