The certificate renewed but nginx didn't get reloaded by the post-hook for some reason

Post-mortem: The certbot package defined a systemd timer and a /etc/cron.d/ entry for renewal, so my own crontab entry that defined a post-hook never got to do the renewing

@Gargron i was frantically trying to find you elsewhere <3

@Keltounet @Gargron more like problem exists between systemd and chair... hue hue hue...

@Gargron had the exact same issue recently. fun. fun. fun.

@gargron I had exactly the same problem when I started using certbot, super annoying!

I write a script call by cron to check if the NGinx was still alive, after 3 try (10 minutes total) it try to restart the service.

@C_Chell @gargron Restart or reload? Restart's probably overkill.

It works fine now with my actual hook in place. I noticed it before the cert expired as my hook emails a notification and that notification wasn't being sent.

On my configuration, I notice NGinx was reload but at the same time, certbot didn't release the ports so NGinx won't load the ports and I need to do a "service restart" to force NGinx to relisten on 80 and 443.

@C_Chell You might want to look at running certbot in certonly/webroot mode, it's a lot less intrusive.

@benofbrown I change it recently, but I have to recheck the configuraiton soon to be sure.

@Gargron I think I also had this issue, thanks for diagnosing

@Gargron I've added my hook to the certbot config file before so I could just rely on the default timer - but the documentation on how to do this (and on the config file format in general) was really bad or missing.

Sign in to participate in the conversation

The original server operated by the Mastodon gGmbH non-profit