Certificate update requires Emby restart

[ServerGuy 24]

Currently, I have scripts setup to auto-renew my domain certificate via LetsEncrypt and replace the existing certificate file. The new renewed certificate uses the same file name and certificate password each time its renewed, so settings do not need changed within Emby. However, Emby doesnt pick up the new certificate until after Emby Server is restarted. 

 

Would this be an enhancement request that Emby picks up the new cert without restarting the service?

 

Thanks!

[rbjtech 5284]

I'd imagine the Cert and any necessary key exchanges (which do change, each Cert key is unique as I'm sure you are aware..) are read/stored securely in memory and thus ready for use each time a secure SSL channel is setup.  I don't know of any system that doesn't need a restart/reload when a Cert is renewed.

 

If you run Emby as a service then can you not just shutdown and re-start the service within your renewal script ? 

[ServerGuy 24]

I could bounce Emby after cert renewal as part of my script. I was thinking of something along the lines of IIS where when you bind the certificate the worker process recycles automatically and the cert is used immediately. Thats a little different obviously because youre not just replacing a file. However the functionality would be great.

 

During testing I had to change the cert password within Emby for the new cert file and it wasnt picked up until recycle of the process.

[rbjtech 5284]

I guess the Dev's would have to chip in here, but I'm pretty sure the SSL function is not separate from the main code and thus we have no choice but to bounce the entire service.. 

[Luke 42083]

Correct.

[AntaresFR 9]

I was in the same boat and call the api to restart the emby service after changing the certificate from script.

I did this during the night so the 10 secondes shutdown is not a problem

Edited March 6, 2019 by AntaresFR