[Bug]: Renewed ssl-certificates (frontend) are not being loaded. #2758
Description
What happened?
Upon creating an SSL certificate, pointing Zigbee2MQTT to it via the config and starting Zigbee2MQTT, I can reach the frontend via HTTPS. However, after renewal of the certificate, Zigbee2MQTT does not recognise it automatically. A manual restart is needed. This is unwanted behaviour (and a security breach). Am I doing something wrong or is this a bug?
Below is an example. Please note that I have tested this for three days in a row. (It does not look like a fluke.)
On the 30th the certificate is valid.

On the 31st the certificate is invalid. (The renewed certificate has not been picked up.)

However, the certificate has been renewed. Expected behaviour would be to see this certificate in the previous screenshot.

I installed Zigbee2MQTT on Proxmox as an LXC with the help of the Proxmox VE Helper script. Certificate handling is managed (automatically) by Step CA. This certificate procedure is in place for the mTLS procedure (forced by MQTT). For this the certificate is renewed every day as well, and Zigbee2MQTT uses the new certificate. I tested this, as I see in the logs of Zigbee2MQTT as well as in the logs of my MQTT broker that messages are being published/accepted.
To be complete, here is the relevant section from the config file. (Although this does not look like the issue, as the initial certificate is loaded correctly.)
```yaml
frontend:
  enabled: true
  port: [redacted]
  ssl_cert: '[redacted-path]/fullchain-frontend.crt'
  ssl_key: '[redacted-path]/private-key-frontend.crt'
  url: '[redacted]'
```
The same applies to permissions etc. This does not seem to be the issue, as it worked initially. I have checked that the permissions are not changed upon renewal. (It still is 600 zigbee2mqtt:root.)
What browsers are you seeing the problem on?
Microsoft Edge
Relevant stacktrace
Did you download state.json.zip?
I will attach state.json.zip
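
A running Node.js TLS/HTTPS server can pick up a renewed certificate without a restart through `setSecureContext()`. The sketch below is an added example of that pattern, not Zigbee2MQTT's code and not from the issue author; `createCertReloader` and its parameters are hypothetical names, and `server` is assumed to be an `https.Server` created from the same two files.

```javascript
const fs = require('fs');
const crypto = require('crypto');

// Hypothetical helper (not part of Zigbee2MQTT).
// `server` is any object exposing setSecureContext(), e.g. an https.Server.
function createCertReloader(server, certPath, keyPath) {
  // Read both files and hash them so a change in either triggers a reload.
  function readPair() {
    const cert = fs.readFileSync(certPath);
    const key = fs.readFileSync(keyPath);
    const digest = crypto.createHash('sha256').update(cert).update(key).digest('hex');
    return { cert, key, digest };
  }

  // Baseline: the material the server was started with.
  let lastDigest = readPair().digest;

  // Returns true only when new material was loaded into the server.
  function reloadIfChanged() {
    let pair;
    try {
      pair = readPair();
    } catch (err) {
      return false; // file missing mid-renewal: keep serving the current cert
    }
    if (pair.digest === lastDigest) return false;
    try {
      // Affects new TLS handshakes only; established connections are untouched.
      server.setSecureContext({ cert: pair.cert, key: pair.key });
    } catch (err) {
      return false; // e.g. cert and key out of step during a non-atomic renewal
    }
    lastDigest = pair.digest;
    return true;
  }

  // Poll rather than fs.watch: on Linux a watch follows the inode, so a
  // renewer that replaces the file by rename leaves the watch on the old file.
  function start(intervalMs) {
    const timer = setInterval(reloadIfChanged, intervalMs);
    timer.unref(); // do not keep the process alive just for the poller
    return timer;
  }

  return { reloadIfChanged, start };
}
```

A failed reload leaves the previous certificate in place and is retried on the next poll, so a half-written renewal does not take the frontend down.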