doc: add certificate reload tip to net.tls()

author Tomas Krizek <tomas.krizek@nic.cz>

Tue, 24 Nov 2020 17:31:33 +0000 (18:31 +0100)

committer Petr Špaček <petr.spacek@nic.cz>

Wed, 25 Nov 2020 17:14:19 +0000 (18:14 +0100)
author Tomas Krizek <tomas.krizek@nic.cz>
Tue, 24 Nov 2020 17:31:33 +0000 (18:31 +0100)
committer Petr Špaček <petr.spacek@nic.cz>
Wed, 25 Nov 2020 17:14:19 +0000 (18:14 +0100)
diff --git a/daemon/bindings/net_tlssrv.rst b/daemon/bindings/net_tlssrv.rst

index ea8afcf5f13a35f7b0024ffffb56b30fb12ff142..2ad7ba95e5521e8ba8fd9dc4c8303af91da7446c 100644 (file)
--- a/daemon/bindings/net_tlssrv.rst
+++ b/daemon/bindings/net_tlssrv.rst
@@ -76,7 +76,10 @@ by a trusted CA. This is done using function :c:func:`net.tls()`.
  
  .. function:: net.tls([cert_path], [key_path])
  
-   Get/set path to a server TLS certificate and private key for DoT and DoH.
+   When called with path arguments, the function loads the server TLS
+   certificate and private key for DoT and DoH.
+
+   When called without arguments, the command returns the currently configured paths.
  
     Example output:
  
@@ -86,6 +89,11 @@ by a trusted CA. This is done using function :c:func:`net.tls()`.
        > net.tls()  -- print configured paths
        ("/etc/knot-resolver/server-cert.pem", "/etc/knot-resolver/server-key.pem")
  
+   .. tip:: The certificate files aren't automatically reloaded on change. If
+      you update the certificate files, e.g. using ACME, you have to either
+      restart the service(s) or call this function again using
+      :ref:`control-sockets`.
+
  .. function:: net.tls_sticket_secret([string with pre-shared secret])
  
     Set secret for TLS session resumption via tickets, by :rfc:`5077`.
author	Tomas Krizek <tomas.krizek@nic.cz>
	Tue, 24 Nov 2020 17:31:33 +0000 (18:31 +0100)
committer	Petr Špaček <petr.spacek@nic.cz>
	Wed, 25 Nov 2020 17:14:19 +0000 (18:14 +0100)