Description
Problem Description
The current behavior of LND is to delete and recreate the TLS certificate upon expiration at the next restart. This disrupts connections, as the new TLS secret isn't immediately synced with all connected applications. It also needs LND to be restarted, which is operationally inconvenient.
Desired Solution
To minimize downtime and maintain connections without interruption, LND should be able to dynamically load a new TLS certificate without needing a full restart.
Alternatives considered
In Kubernetes environments, managing TLS certificates externally via Terraform is feasible but still necessitates an LND restart.
If a hot reload were possible, LND could be notified with a script running in CI or in a sidecar container.
Additional context
Our environment is GCP configured with Terraform from Helm charts in Concourse CI.
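
The hot reload requested above, sketched in Go (the language LND is written in) with the standard `tls.Config.GetCertificate` hook, so that new handshakes receive the rotated certificate while the listener keeps running. This is an added example, not LND's code and not from the issue author; `certStore`, `Reload` and `selfSigned` are hypothetical names, the certificates are constructed in memory, and how a sidecar or CI script would trigger `Reload` is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// certStore (hypothetical name) holds the certificate offered to new handshakes.
type certStore struct{ cur atomic.Pointer[tls.Certificate] }

// Reload swaps in a new PEM pair; if it is rejected, the old one keeps serving.
func (s *certStore) Reload(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return err
	}
	c.Leaf, _ = x509.ParseCertificate(c.Certificate[0]) // X509KeyPair already parsed it
	s.cur.Store(&c)
	return nil
}

// GetCertificate goes in tls.Config.GetCertificate; crypto/tls calls it per handshake.
func (s *certStore) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return s.cur.Load(), nil
}

// selfSigned builds a throwaway certificate for name (constructed sample input).
func selfSigned(name string) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	key, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key})
}

func main() {
	var s certStore
	s.Reload(selfSigned("old.example"))
	s.Reload(selfSigned("new.example")) // rotation without restarting the listener
	fmt.Println(s.cur.Load().Leaf.DNSNames, s.Reload([]byte("truncated"), nil))
}
```

Connections established before a reload keep the certificate they negotiated; only handshakes that start afterwards see the new one.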