Hi Aki,

It doesn't happen very often, but the certificate renewal can fail, so it's best 
to check daily. certbot will only try to renew those certificates that are 
about to expire in a few weeks.

I'm using a little perl script via cron which may be more flexible:


#!/usr/bin/perl
use strict;
use warnings;

my $reload_count = 0;

# cert.pem entries under live/ that changed within the last day
# (list-form open and system, so no shell parses the file names)
open(my $ff, '-|', 'find', '/etc/letsencrypt/live',
     '-mtime', '-1', '-name', 'cert.pem') or die "cannot run find: $!";
while(<$ff>){
        chomp;
        next if !$_;
        system('/usr/bin/logger', "sslreload: ssl certificate $_ needs reload after renew");
        $reload_count++;
}
close($ff);

if($reload_count){
        system('/usr/bin/logger', "sslreload: $reload_count certificates changed, reloading services");
        # list all your affected services or rsync/reload on other nodes
        # some services need restart, not reload
        system("/usr/bin/systemctl reload httpd");
        system("/usr/bin/systemctl reload postfix");
        system("/usr/bin/systemctl restart vsftpd");
} else {
        system('/usr/bin/logger', "sslreload: nothing to reload");
}


Save to /usr/bin/sslreload and chmod 700

crontab -e

0 18 * * * /usr/bin/certbot renew --quiet --no-self-upgrade --allow-subset-of-names; /usr/bin/sslreload


Best regards
Gerald




> On 10.01.2019 at 09:14, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> 
> Would be better if it would happen automatically though.
> 
> Aki
> 
> On 10.1.2019 10.04, Filipe Carvalho wrote:
>> Yup, that did the trick.
>> 
>> Thanks!
>> 
>> Filipe
>> 
>> 
>> On 1/10/19 7:47 AM, Aki Tuomi wrote:
>>> 
>>> 
>>> On 10.1.2019 9.42, Filipe Carvalho wrote:
>>>> Hello,
>>>> 
>>>> Not sure if this is the right place to post this, but the ssl certificate 
>>>> of the repo.dovecot.org server expired on the 9th of January.
>>>> 
>>>> It's giving an error via the browser and via the apt command in Debian:
>>>> 
>>>> W: Failed to fetch 
>>>> https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages
>>>>   server certificate verification failed. CAfile: 
>>>> /etc/ssl/certs/ca-certificates.crt CRLfile: none
>>>> 
>>>> Cheers!
>>>> 
>>>> Filipe Carvalho
>>>> 
>>>> -- 
>>>> Filipe Carvalho
>>>> Infraestruturas Tecnológicas / IT infrastructures 
>>>> 
>>>> fili...@uporto.pt 
>>> 
>>> 
>>> Amazing this certbot thing...
>>> 
>>> [Unit]
>>> Description=Certbot
>>> Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
>>> Documentation=https://letsencrypt.readthedocs.io/en/latest/
>>> [Service]
>>> Type=oneshot
>>> ExecStart=/usr/bin/certbot -q renew --post-hook /etc/letsencrypt/post.hooks.d/reload
>>> PrivateTmp=true
>>> 
>>> one would think this would work and reload nginx after the cert has been 
>>> renewed... 
>>> 
>>> Aki
>>> 
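
An added example, not part of the original message: a shell variant of the cron-driven reload at the top of this message that compares each cert.pem's SHA-256 digest with the one stored after the last successful reload, so a renewal is still picked up after a skipped cron run or a failed service reload. LIVE_DIR, STATE_DIR, the function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. LIVE_DIR, STATE_DIR, the function names
# and the --run switch are assumptions; the services are those listed above.
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}
STATE_DIR=${STATE_DIR:-/var/lib/sslreload}

# Print "lineage digest" for every lineage that has a readable cert.pem.
cert_digests() {
    for cert in "$1"/*/cert.pem; do
        [ -f "$cert" ] || continue    # empty glob or dangling symlink
        name=$(basename "$(dirname "$cert")")
        printf '%s %s\n' "$name" "$(sha256sum < "$cert" | cut -d' ' -f1)"
    done
}

# stdin: cert_digests output. Print lineages whose digest differs from the one
# stored after the last successful reload (unknown lineages count as changed).
changed_certs() {
    while read -r name digest; do
        [ -n "$name" ] || continue
        old=$(cat "$1/$name.sha256" 2>/dev/null || true)
        [ "$digest" = "$old" ] || printf '%s\n' "$name"
    done
}

# stdin: cert_digests output. Store it as the new "already loaded" state.
record_certs() {
    mkdir -p "$1" || return 1
    while read -r name digest; do
        [ -n "$name" ] || continue
        printf '%s\n' "$digest" > "$1/$name.sha256"
    done
}

sslreload_main() {
    snap=$(cert_digests "$LIVE_DIR")
    changed=$(printf '%s\n' "$snap" | changed_certs "$STATE_DIR")
    if [ -z "$changed" ]; then
        logger "sslreload: nothing to reload"
        return 0
    fi
    logger "sslreload: changed, reloading services:" $changed
    # State is written only if every service took the new certificate, so a
    # failed reload is retried on the next run instead of being forgotten.
    systemctl reload httpd && systemctl reload postfix &&
        systemctl restart vsftpd || return 1
    printf '%s\n' "$snap" | record_certs "$STATE_DIR"
}

if [ "${1:-}" = "--run" ]; then sslreload_main; fi
```

The first run treats every lineage as changed and reloads once; after that only a real content change triggers a reload.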
