From: Tomas Krizek Date: Tue, 24 Nov 2020 17:31:33 +0000 (+0100) Subject: doc: add certificate reload tip to net.tls() X-Git-Tag: v5.2.1~9^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2a99f090dccb080ab44e60e6657014d3a15443c;p=thirdparty%2Fknot-resolver.git doc: add certificate reload tip to net.tls() --- diff --git a/daemon/bindings/net_tlssrv.rst b/daemon/bindings/net_tlssrv.rst index ea8afcf5f..2ad7ba95e 100644 --- a/daemon/bindings/net_tlssrv.rst +++ b/daemon/bindings/net_tlssrv.rst @@ -76,7 +76,10 @@ by a trusted CA. This is done using function :c:func:`net.tls()`. .. function:: net.tls([cert_path], [key_path]) - Get/set path to a server TLS certificate and private key for DoT and DoH. + When called with path arguments, the function loads the server TLS + certificate and private key for DoT and DoH. + + When called without arguments, the command returns the currently configured paths. Example output: @@ -86,6 +89,11 @@ by a trusted CA. This is done using function :c:func:`net.tls()`. > net.tls() -- print configured paths ("/etc/knot-resolver/server-cert.pem", "/etc/knot-resolver/server-key.pem") + .. tip:: The certificate files aren't automatically reloaded on change. If + you update the certificate files, e.g. using ACME, you have to either + restart the service(s) or call this function again using + :ref:`control-sockets`. + .. function:: net.tls_sticket_secret([string with pre-shared secret]) Set secret for TLS session resumption via tickets, by :rfc:`5077`.
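Review bot: In the first hunk (@@ -76,7 +76,10 @@), the two added sentences name the same thing differently: "the function loads the server TLS certificate and private key" and then "the command returns the currently configured paths". Use "the function" in both. The signature `net.tls([cert_path], [key_path])` also marks each argument as optional on its own, while the new text covers only the both-arguments and no-arguments cases. Either state what happens when only one path is given, or write the signature as `net.tls([cert_path, key_path])` if the two must always be passed together.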
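Review bot: In the second hunk (@@ -86,6 +89,11 @@), the tip's "call this function again using :ref:`control-sockets`" does not say that the call has to include the path arguments. Since the description changed in the first hunk says that a call without arguments only returns the configured paths, a reader can take the tip to mean a bare `net.tls()` and conclude the renewed certificate is loaded when it is not. Suggest wording such as "call this function again with the certificate and key paths", and consider saying "certificate and key files" instead of "certificate files", because the rest of the entry treats the private key as a separate file.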