Automating SSL Certificate Renewal

Hi everyone,

Like many of you, I have to handle annual SSL certificate renewals. I currently manage this process via Ansible for my other services, and I would like to implement the same workflow for Pritunl.

I am aware that Pritunl stores certificates in the MongoDB database. Has anyone successfully automated the renewal process, perhaps using the CLI?

Most importantly, I am looking for a solution that applies the new certificate without disconnecting active users. Any advice or examples would be greatly appreciated.

Thanks!

I discovered that I can update the certificate and key directly using the CLI commands:

pritunl set app.server_cert
pritunl set app.server_key

However, the missing piece is how to reload the web server configuration to apply these changes without restarting the entire Pritunl service (and consequently dropping active VPN connections).

When updating settings via the Web GUI, it seems to handle this gracefully - restarting the web interface while keeping VPN tunnels alive. Does anyone know the specific CLI command to trigger this “web-only” reload?

It should restart within 63 seconds after running the set commands. The server will sync the settings every 60 seconds and the web server will compare for changes every 3 seconds. When a change is found it will log "Settings changed, restarting server..." and restart the web server.


You are correct - I missed that in the logs. The web server did restart, but my browser cached the old certificate, making it look like it was still expired.

Thanks for the help!
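
Added example (not part of the original thread and not Pritunl's own code): a way to confirm the reload from an Ansible task or script instead of a browser, by polling the served certificate until its fingerprint matches the new file within the 63-second window described above. The function names, host and file path are hypothetical, and the `timeout` argument assumes Python 3.10 or later.

```python
import hashlib
import ssl
import time

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# 60 s settings sync + 3 s change check (figures from the thread); the extra
# 30 s for the web server restart itself is an assumption.
RELOAD_TIMEOUT = 63 + 30


def fingerprint(pem):
    """SHA-256 of the leaf (first) certificate in a PEM string or chain."""
    leaf = pem[pem.index(BEGIN): pem.index(END) + len(END)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()


def fetch_served_pem(host, port=443):
    """Certificate the web server presents right now. No validation is done,
    so an expired certificate is still readable, and no browser cache is involved."""
    return ssl.get_server_certificate((host, port), timeout=5)


def wait_for_new_cert(new_pem, fetch, timeout=RELOAD_TIMEOUT, interval=3,
                      sleep=time.sleep, clock=time.monotonic):
    """Poll fetch() until it serves new_pem's leaf; return seconds waited."""
    want = fingerprint(new_pem)
    start = clock()
    while True:
        try:
            if fingerprint(fetch()) == want:
                return clock() - start
        except OSError:
            pass  # refused/reset connections are expected while the web server restarts
        if clock() - start >= timeout:
            raise TimeoutError(f"old certificate still served after {timeout} s")
        sleep(interval)


if __name__ == "__main__":
    # Placeholders: replace the path and host with your own.
    with open("/path/to/new-fullchain.pem") as f:
        waited = wait_for_new_cert(f.read(), lambda: fetch_served_pem("vpn.example.com"))
    print(f"new certificate live after {waited:.0f} s")
```

A `TimeoutError` here means the old certificate is still being served after the reload window, which is the condition worth failing the playbook on.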