From 655f9e58b79803fbb28b75b7a7cc23720f14f0cc Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Sat, 1 Apr 2023 22:28:02 +0100
Subject: [PATCH] Update blog post with non-expired Lets Encrypt root.

Closes #2692. Thanks to Matt Turner.
---
 .../12/using-lets-encrypt-certificates-with-mosquitto.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/www/posts/2015/12/using-lets-encrypt-certificates-with-mosquitto.md b/www/posts/2015/12/using-lets-encrypt-certificates-with-mosquitto.md
index 22eed9c9..069ecb90 100644
--- a/www/posts/2015/12/using-lets-encrypt-certificates-with-mosquitto.md
+++ b/www/posts/2015/12/using-lets-encrypt-certificates-with-mosquitto.md
@@ -17,13 +17,14 @@ Then use the following for your mosquitto.conf:
 
 ```
 listener 8883
-cafile /etc/ssl/certs/DST_Root_CA_X3.pem
+cafile /etc/ssl/certs/ISRG_Root_X1.pem
 certfile /etc/letsencrypt/live/example.com/fullchain.pem
 keyfile /etc/letsencrypt/live/example.com/privkey.pem
 ```
 
-You need to be aware that current versions of mosquitto never update listener
-settings when running, so when you regenerate the server certificates you will
-need to completely restart the broker.
+Since version 2.0 of Mosquitto, you can send a SIGHUP to the broker to cause it
+to reload certificates. Prior to this version, mosquitto would never update
+listener settings when running, so you will need to completely restart the
+broker.
 
 [Let's Encrypt]: https://letsencrypt.org/