ingress-nginx-helm/docs/enhancements/20190724-only-dynamic-ssl.md

---
title: Remove static SSL configuration mode
authors:
  - "@aledbf"
reviewers:
  - "@ElvinEfendi"
approvers:
  - "@ElvinEfendi"
editor: TBD
creation-date: 2019-07-24
last-updated: 2019-07-24
status: implementable
see-also:
replaces:
superseded-by:
---

#  Remove static SSL configuration mode

## Table of Contents

<!-- toc -->
- [Summary](#summary)
- [Motivation](#motivation)
  - [Goals](#goals)
  - [Non-Goals](#non-goals)
- [Proposal](#proposal)
  - [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints)
- [Drawbacks](#drawbacks)
- [Alternatives](#alternatives)
<!-- /toc -->

## Summary

Since release [0.19.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release [0.24.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.24.0) the default enabled mode is dynamic.

## Motivation

The static configuration implies reloads, something that affects the majority of the users.

### Goals

- Deprecation of the flag `--enable-dynamic-certificates`.
- Cleanup of the codebase.

### Non-Goals

- Features related to certificate authentication are not changed in any way.

## Proposal

- Remove static SSL configuration

### Implementation Details/Notes/Constraints

- Deprecate the flag Move the directives `ssl_certificate` and `ssl_certificate_key` from each server block to the `http` section. These settings are required to avoid NGINX errors in the logs.
- Remove any action of the flag `--enable-dynamic-certificates`

## Drawbacks

## Alternatives

Keep both implementations
Remove static SSL configuration mode 2019-07-25 02:28:47 +00:00			`---`
			`title: Remove static SSL configuration mode`
			`authors:`
			`- "@aledbf"`
			`reviewers:`
			`- "@ElvinEfendi"`
			`approvers:`
			`- "@ElvinEfendi"`
			`editor: TBD`
			`creation-date: 2019-07-24`
			`last-updated: 2019-07-24`
			`status: implementable`
			`see-also:`
			`replaces:`
			`superseded-by:`
			`---`

			`# Remove static SSL configuration mode`

			`## Table of Contents`

			`<!-- toc -->`
			`- [Summary](#summary)`
			`- [Motivation](#motivation)`
			`- [Goals](#goals)`
			`- [Non-Goals](#non-goals)`
			`- [Proposal](#proposal)`
			`- [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints)`
			`- [Drawbacks](#drawbacks)`
			`- [Alternatives](#alternatives)`
			`<!-- /toc -->`

			`## Summary`

corrected reference for release 2020-09-24 10:05:46 +00:00			`Since release [0.19.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release [0.24.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.24.0) the default enabled mode is dynamic.`
Remove static SSL configuration mode 2019-07-25 02:28:47 +00:00
			`## Motivation`

			`The static configuration implies reloads, something that affects the majority of the users.`

			`### Goals`

			- Deprecation of the flag `--enable-dynamic-certificates`.
			`- Cleanup of the codebase.`

			`### Non-Goals`

			`- Features related to certificate authentication are not changed in any way.`

			`## Proposal`

			`- Remove static SSL configuration`

			`### Implementation Details/Notes/Constraints`

			- Deprecate the flag Move the directives `ssl_certificate` and `ssl_certificate_key` from each server block to the `http` section. These settings are required to avoid NGINX errors in the logs.
			- Remove any action of the flag `--enable-dynamic-certificates`

			`## Drawbacks`

			`## Alternatives`

			`Keep both implementations`