Are SSL certificate files specified in Phoenix config cached?

I’m using Certbot in a bash script to generate an SSL certificate on the prod server.

In the config I point Phoenix to the generated certificate files:
certfile: “/etc/letsencrypt/live/”
keyfile: “/etc/letsencrypt/live/”

The Certbot renews the certificate automatically with systemd timers.

I wonder whether Phoenix caches the certificate files specified in the config, so that an app reload is required after automatic certficate renewal?


The ssl application in Erlang/OTP caches certificates and keys read from PEM files and periodically reloads them. If you replace the files, your server will start using the updated ones within a few minutes.


Thanks for the info @voltone! Are you aware of any docs that document this behaviour?

The ssl docs are not very clear about this topic: the caching of PEM files is just mentioned in the docs for the :ssl.clear_pem_cache/0 function, and the :ssl_pem_cache_clean configuration option.

There is section in the Plug HTTP Guide on Renewing Certificates that goes into some more practical details.


Got it, thanks again.