The certificate renewed but nginx didn't get reloaded by the post-hook for some reason

Post-mortem: The certbot package defined a systemd timer and a /etc/cron.d/ entry for renewal, so my own crontab entry that defined a post-hook never got to do the renewing


@gargron I had exactly the same problem when I started using certbot, super annoying!


I wrote a script, called by cron, to check if NGinx was still alive; after 3 tries (10 minutes total) it tries to restart the service.

@C_Chell @gargron Restart or reload? Restart's probably overkill.

It works fine now with my actual hook in place. I noticed it before the cert expired as my hook emails a notification and that notification wasn't being sent.

In my configuration, I noticed NGinx was reloaded, but at the same time certbot didn't release the ports, so NGinx wouldn't load the ports and I needed to do a "service restart" to force NGinx to re-listen on 80 and 443.

@C_Chell You might want to look at running certbot in certonly/webroot mode, it's a lot less intrusive.

@benofbrown I changed it recently, but I have to recheck the configuration soon to be sure.
