How to restart unbound on renew of certificate?

JobH

Hello.

pfsense 2.4.5-RELEASE (amd64)

I have enabled DNS resolver (unbound) and it uses my acme/letsencrypt wildcard-certificate to Respond to incoming SSL/TLS queries from local clients.

I assume that when the certificate is renewed, the unbound service needs to be restarted, just like the webgui and haproxy?

The examples shown for webgui and haproxy work fine, but I cannot find how to restart unbound. Could you please show me what to enter in the Actions list to accomplish this?

With kind regards,

JobH

kiokoman

/usr/local/sbin/pfSsh.php playback svc restart unbound -> shell
or just
unbound and -> Restart Local Service from the drop down menu
or
/usr/local/etc/rc.d/unbound restart -> shell

JobH

Thank you for the prompt response.

I added the second part: unbound and Restart Local Service.

Have to wait a week before being able to test the renewal process. I'll report back if everything worked ok.

noplan

@kiokoman said in How to restart unbound on renew of certificate?:

/usr/local/etc/rc.d/unbound restart -> shell

and does it worked for you ?

Gertjan

Noop ^^

Executing :

/usr/local/etc/rc.d/unbound restart

tells you why.

/usr/local/etc/rc.d/unbound onerestart

Is worse. Will use a 'unknown' config file (not /var/unbound/unbound.conf)
So, no good neither.

This :

seems to work - the unbound pid changed.

noplan

damnnnnnn !
not cool.

kiokoman

i didn't check, i don't use unbound.. it seems like it's not working from shell
have you tried the other 2 methods?

noplan

not yet
vid call is still goin on would be uncool to cut connection ;)

Gertjan

Restarting unbound doesn't shut down my Netflix, neither Facetime or any other connection.

noplan

yep true !

JobH

@Gertjan I confirmed that the last solution works for me too (unbound, Restart Local Service).