On 18.08.19 at 19:51, Maciej Sołtysiak via Unbound-users wrote:
> Hi,
>
> I'm looking to run unbound acting as a dnscrypt server. My intention is to
> generate a new key and certificate say every 12 or 24 hours in order to
> maintain forward secrecy.
>
> If I configure:
> dnscrypt-secret-key: 1.key
> dnscrypt-secret-key: 2.key
> dnscrypt-provider-cert: 1.cert
> dnscrypt-provider-cert: 2.cert
>
> I get 2 key/cert pairs, but when the time comes to generate a new one (be it
> again 1.key or even 3.key) how can I make unbound use the new one?
> I tried:
> unbound-control set_option dnscrypt-secret-key: 3.key
> unbound-control set_option dnscrypt-provider-cert: 3.cert
>
> But that doesn't seem to look for the files and advertise them.
>
> unbound-control flush is not so good either.
> It seems to reread the key/cert files, but it flushes the cache.

Hello Maciej,

this sounds like a similar problem:
https://nlnetlabs.nl/pipermail/unbound-users/2019-April/011527.html

Andreas
Re: Rotating key and cert in dnscrypt setup
A. Schulze via Unbound-users Sun, 18 Aug 2019 12:59:00 -0700
