Runtime SSL certificate hot reload without restart

[fsleo]

Feature Request

Currently, SSLApp only accepts key_file_name and cert_file_name during initialization. Once the certificate expires (e.g., Let's Encrypt 90-day certs), the entire Node.js process must be restarted to load the new certificate.

Use Case

• Using Let's Encrypt with automatic renewal
• Running WebSocket servers with long-lived connections
• Need zero-downtime certificate rotation
• Production environments where process restart is costly

Proposed API

const app = uWS.SSLApp({
  key_file_name: '/path/to/key.pem',
  cert_file_name: '/path/to/cert.pem'
});

// After certbot renews the certificate:
app.updateSSL({
  key_file_name: '/path/to/key.pem',
  cert_file_name: '/path/to/cert.pem'
});

[uNetworkingAB]

You can rotate certificates with addServerName, domain, removeServerName. I don't remember the exact use but I know this is possible. I've seen it used.

[dxkrs]

If you execute removeServerName and addServerName, and then re-register the routes through domain, is it same as restarting the whole running process?

[uNetworkingAB]

You don't re-register anything. If I remember correctly, you "browse" to domain("*") which is wildcard, and addServerName with whatever cert you want, then you can remove and add it under the same domain("*"). You're not tearing down the entire process, just migrating NEW connections to the new cert (old connections will continue to use the old cert until no connection refers to it anymore) so it's a gradual migration. You can enforce a certain time for the migration by setting maxLifetime on the websockets. I don't remember exactly, but I know there are users who use this.

[fsleo]

Issue Description:

When repeatedly calling the /change endpoint multiple times, a memory corruption error occurs.

Demo Code:

import * as uWS from 'uWebSockets.js';
const myd = "a1.test.net";
const myc = {
    key_file_name: './certs/private.pem',
    cert_file_name: './certs/fullchain.pem',
}

function router() {
    console.log('register router');
    app
        .ws('/chat', {
            open: (ws) => {
                ws.subscribe('broadcast');
            },
            message: (ws, message, isBinary) => {
                console.log('1');
            },
        })
        .get('/hello', (res, req) => {
            console.log('hello ssl');
            res.end('Nothing to see here!');
        })
        .get('/change', (res, req) => {
            app.removeServerName(myd);
            app.addServerName(myd, myc).domain(myd)
            router()
            res.end('Nothing to see here!');
        })
        .listen('0.0.0.0', 3000, (listenSocket) => {
            console.log('Start111...');
        });
}
const app = uWS.SSLApp(myc)
app.addServerName(myd, myc).domain(myd)
router()

Steps to Reproduce:

1. Run the server
2. Execute the following command multiple times:

   curl "https://a1.test.net:3000/change"

Actual Error:

node(13950,0x208a962c0) malloc: Incorrect checksum for freed object 0x13c809200: probably modified after being freed.
Corrupt value: 0x13b604830
node(13950,0x208a962c0) malloc: *** set a breakpoint in malloc_error_break to debug

Expected Behavior:

The /change endpoint should be callable repeatedly without causing memory corruption or crashes.

Additional Context:

• The issue appears to be related to dynamically removing and re-adding server names via removeServerName / addServerName.
• The error suggests that uWebSockets.js may be accessing freed memory when server names are modified at runtime.

Environment:

• uWebSockets.js version: [20.61.0]
• Node.js version: [24.16]
• OS: macOS (15.7.8)

[dxkrs]

According to "this Error" , it should say “try to write data to a released memory block address”.
I guess you should be have a frequent request, resulting in the parallel execution of the function of /change, you should make sure that it runs step by step in the production environment.

[dxkrs]

By my little test and found:

1. remove the app.removeServerName(myd); , it will effective.
2. use queues or timers to reduce the number of execution functions and increase the execution interval.