<div dir="ltr"><div>Initial testing looks ok. You can see the patchset here <a href="https://github.com/rrb3942/opensips/tree/tls_mgm_reload">https://github.com/rrb3942/opensips/tree/tls_mgm_reload</a></div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Nov 13, 2025 at 3:56 PM Matthew Schumacher <<a href="mailto:schu@schu.net">schu@schu.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr"></div><div dir="ltr">That’s helpful.  If you message me the patch when you have it, I can help test.</div><div dir="ltr"><br><blockquote type="cite">On Nov 13, 2025, at 9:39 AM, Ryan Bullock <<a href="mailto:rrb3942@gmail.com" target="_blank">rrb3942@gmail.com</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div>Hey Matt,<br><br></div>OpenSIPs currently only supports tls_reload for domains managed in a database. Coincidentally I started a patch set earlier this week to allow reloading the keys, certificates, etc for domains defined in the config script. No ETA on a pull request yet, it is still in testing mode.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 12, 2025 at 10:00 PM Matthew Schumacher <<a href="mailto:schu@schu.net" target="_blank">schu@schu.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello All,<br>
<br>
I have a 3.2 server where I can't reload certs.  Is this because I'm not <br>
storing the certs in a database?  How can I work around this? The server <br>
is never idle enough for me to restart and my cert expires in a few <br>
days.  Am I forced to kick people off to restart? Also, is there a way <br>
to tell opensips to not accept any new calls? I'm not sure how much that <br>
will help, but it would be good to know.<br>
<br>
Thanks!<br>
<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg <br>
-x mi tls_reload<br>
ERROR: command 'tls_reload' returned: 500: DB url not set<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f /etc/opensips/opensips-cli.cfg <br>
-x mi tls_list<br>
{<br>
     "Domains": [<br>
         {<br>
             "name": "client",<br>
             "type": "TLS_DOMAIN_CLI",<br>
             "IP ADDRESS FILTERS": [<br>
                 "*"<br>
             ],<br>
             "SIP DOMAIN FILTERS": [<br>
                 "*"<br>
             ],<br>
             "METHOD": "TLSv1_2",<br>
             "VERIFY_CERT": true,<br>
             "REQ_CLI_CERT": false,<br>
             "CRL_CHECKALL": false,<br>
             "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",<br>
             "CRL_DIR": "",<br>
             "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",<br>
             "CA_DIR": "/etc/pki/CA/",<br>
             "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",<br>
             "CIPHER_LIST": "",<br>
             "DH_PARAMS_FILE": "",<br>
             "EC_CURVE": ""<br>
         },<br>
         {<br>
             "name": "server",<br>
             "type": "TLS_DOMAIN_SRV",<br>
             "IP ADDRESS FILTERS": [<br>
                 "x.x.x.x:5061",<br>
                 "y.y.y.y:5061"<br>
             ],<br>
             "SIP DOMAIN FILTERS": [<br>
                 "*"<br>
             ],<br>
             "METHOD": "TLSv1_2",<br>
             "VERIFY_CERT": false,<br>
             "REQ_CLI_CERT": true,<br>
             "CRL_CHECKALL": false,<br>
             "CERT_FILE": "/etc/ssl/certs/siptrunk_domain_net.crt",<br>
             "CRL_DIR": "",<br>
             "CA_FILE": "/etc/ssl/certs/ca-certificates.crt",<br>
             "CA_DIR": "/etc/pki/CA/",<br>
             "PKEY_FILE": "/etc/ssl/certs/siptrunk_domain_net.key",<br>
             "CIPHER_LIST": "ALL:!aNULL:!eNULL:!MD5:!RC4",<br>
             "DH_PARAMS_FILE": "",<br>
             "EC_CURVE": ""<br>
         }<br>
     ]<br>
}<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div>
<span>_______________________________________________</span><br><span>Users mailing list</span><br><span><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a></span><br><span><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></span><br></div></blockquote></div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div>