Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Do not underestimate the value of print statements for debugging.


computers / rocksolid.shared.linux / auto reload nginx after letsencrypt cert update

SubjectAuthor
o auto reload nginx after letsencrypt cert updateRetro Guy

1
auto reload nginx after letsencrypt cert update

<e30533d3cc16b5d3b165f34b38645d86$1@news.novabbs.org>

 copy mid   Newsgroups: rocksolid.shared.linux
Path: i2pn2.org!.POSTED!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.linux
Subject: auto reload nginx after letsencrypt cert update
Date: Wed, 7 Apr 2021 00:21:50 +0000
Organization: Rocksolid Light
Message-ID: <e30533d3cc16b5d3b165f34b38645d86$1@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="26855"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$wdRdZuEsnhMfgYU2FYyJF.CTj0tXUk/.Y.iu1UoF8qIhBJajHsxQ.
 by: Retro Guy - Wed, 7 Apr 2021 00:21 UTC

Getting tired of my sites saying the cert is expired even after it's auto-renewed. Every 90 days, each site does this until either I reload nginx or it happens automatically for some reason.

Note: This is for letsencrypt certs:

renew-hook has been deprecated in recent versions of certbot. Plus, debian moved from using cronjobs for automatic renewals to systemd timer if they are available. On the other hand, now certbot supports having hooks in configuration files. So, instead of what is described above, i would suggest creating a file /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx with the following content:

#! /bin/sh
set -e

/etc/init.d/nginx configtest
/etc/init.d/nginx reload

don’t forget to make the file executable.

Found the above here: https://www.guyrutenberg.com/2017/01/01/lets-encrypt-reload-nginx-after-renewing-certificates/

Let's see how it does on the next renewals.

Retro Guy
--
Posted on Rocksolid Light

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor