Eugen

The certificate renewed but nginx didn't get reloaded by the post-hook for some reason

1+
Eugen

Post-mortem: The certbot package defined a systemd timer and a /etc/cron.d/ entry for renewal, so my own crontab entry that defined a post-hook never got to do the renewing

1+
Ben 🇪🇺
Follow

@gargron I had exactly the same problem when I started using certbot, super annoying!

· · Web · 1 · 0 · 0
C_Chell

@benofbrown
I write a script call by cron to check if the NGinx was still alive, after 3 try (10 minutes total) it try to restart the service.
@Gargron

1
Ben 🇪🇺

@C_Chell @gargron Restart or reload? Restart's probably overkill.

It works fine now with my actual hook in place. I noticed it before the cert expired as my hook emails a notification and that notification wasn't being sent.

1
C_Chell

@benofbrown
On my configuration, I notice NGinx was reload but at the same time, certbot didn't release the ports so NGinx won't load the ports and I need to do a "service restart" to force NGinx to relisten on 80 and 443.
@Gargron

1
Ben 🇪🇺

@C_Chell You might want to look at running certbot in certonly/webroot mode, it's a lot less intrusive.

1
C_Chell

@benofbrown I change it recently, but I have to recheck the configuraiton soon to be sure.

0
Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Resources

Developers

What is Mastodon?

octodon.social

More…

v3.5.2+glitch · Privacy policy