The certificate renewed but nginx didn't get reloaded by the post-hook for some reason
Post-mortem: The certbot package defined a systemd timer and a /etc/cron.d/ entry for renewal, so my own crontab entry that defined a post-hook never got to do the renewing
@gargron I had exactly the same problem when I started using certbot, super annoying!
@benofbrown I write a script call by cron to check if the NGinx was still alive, after 3 try (10 minutes total) it try to restart the service.@Gargron
@C_Chell @gargron Restart or reload? Restart's probably overkill.
It works fine now with my actual hook in place. I noticed it before the cert expired as my hook emails a notification and that notification wasn't being sent.
@benofbrown On my configuration, I notice NGinx was reload but at the same time, certbot didn't release the ports so NGinx won't load the ports and I need to do a "service restart" to force NGinx to relisten on 80 and 443.@Gargron
@C_Chell You might want to look at running certbot in certonly/webroot mode, it's a lot less intrusive.
@benofbrown I change it recently, but I have to recheck the configuraiton soon to be sure.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!