[OpenSIPS-Users] Problems reloading TLS certs.

Ryan Bullock rrb3942 at gmail.com
Thu Nov 13 17:38:10 UTC 2025 

Hey Matt,

OpenSIPs currently only supports tls_reload for domains managed in a
database. Coincidentally I started a patch set earlier this week to allow
reloading the keys, certificates, etc for domains defined in the config
script. No ETA on a pull request yet, it is still in testing mode.

On Wed, Nov 12, 2025 at 10:00 PM Matthew Schumacher <schu at schu.net> wrote:

> Hello All,
>
> I have a 3.2 server where I can't reload certs.  Is this because I'm not
> storing the certs in a database?  How can I work around this? The server
> is never idle enough for me to restart and my cert expires in a few
> days.  Am I forced to kick people off to restart? Also, is there a way
> to tell opensips to not accept any new calls? I'm not sure how much that
> will help, but it would be good to know.
>
> Thanks!
>
>
> root at sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg
> -x mi tls_reload
> ERROR: command 'tls_reload' returned: 500: DB url not set
>
> root at sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg
> -x mi tls_list
> {
>      "Domains": [
>          {
>              "name": "client",
>              "type": "TLS_DOMAIN_CLI",
>              "IP ADDRESS FILTERS": [
>                  "*"
>              ],
>              "SIP DOMAIN FILTERS": [
>                  "*"
>              ],
>              "METHOD": "TLSv1_2",
>              "VERIFY_CERT": true,
>              "REQ_CLI_CERT": false,
>              "CRL_CHECKALL": false,
>              "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
>              "CRL_DIR": "",
>              "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
>              "CA_DIR": "/etc/pki/CA/",
>              "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
>              "CIPHER_LIST": "",
>              "DH_PARAMS_FILE": "",
>              "EC_CURVE": ""
>          },
>          {
>              "name": "server",
>              "type": "TLS_DOMAIN_SRV",
>              "IP ADDRESS FILTERS": [
>                  "x.x.x.x:5061",
>                  "y.y.y.y:5061"
>              ],
>              "SIP DOMAIN FILTERS": [
>                  "*"
>              ],
>              "METHOD": "TLSv1_2",
>              "VERIFY_CERT": false,
>              "REQ_CLI_CERT": true,
>              "CRL_CHECKALL": false,
>              "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",
>              "CRL_DIR": "",
>              "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",
>              "CA_DIR": "/etc/pki/CA/",
>              "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",
>              "CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4",
>              "DH_PARAMS_FILE": "",
>              "EC_CURVE": ""
>          }
>      ]
> }
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20251113/f8d6d2e2/attachment-0001.html>

More information about the Users mailing list