Hi Aki, it doesn't happen very often but the certificate renew can fail, so it's best to check daily. certbot will only try to renew those certificates that are about to expire in a few weeks.
I'm using a little perl script via cron which may be more flexible: #!/usr/bin/perl my $reload_count; open(FF, "find /etc/letsencrypt/live -mtime -1 -name cert.pem |"); while(<FF>){ chomp; next if !$_; system("/usr/bin/logger \"sslreload: ssl certificate $_ needs reload after renew\""); $reload_count++; } close(FF); if($reload_count){ system("/usr/bin/logger \"sslreload: $reload_count certificates changed, reloading services\""); # list all your affected services or rsync/reload on other nodes # some services need restart, not reload system("/usr/bin/systemctl reload httpd"); system("/usr/bin/systemctl reload postfix"); system("/usr/bin/systemctl restart vsftpd"); } else { system("/usr/bin/logger \"sslreload: nothing to reload\""); } Save to /usr/bin/sslreload and chmod 700 crontab -e 0 18 * * * /usr/bin/certbot renew --quiet --no-self-upgrade --allow-subset-of-names; /usr/bin/sslreload Best regards Gerald > Am 10.01.2019 um 09:14 schrieb Aki Tuomi <aki.tu...@open-xchange.com>: > > Would be better if it would happen automatically though. > > Aki > > On 10.1.2019 10.04, Filipe Carvalho wrote: >> Yup, that did the trick. >> >> Thanks! >> >> Filipe >> >> >> On 1/10/19 7:47 AM, Aki Tuomi wrote: >>> >>> >>> On 10.1.2019 9.42, Filipe Carvalho wrote: >>>> Hello, >>>> >>>> Not sure if this is the right place to post this, but the ssl certificate >>>> of the repo.dovecot.org server expired on the 9th of January. >>>> >>>> It's giving an error via the browser and via the apt command in Debian: >>>> >>>> W: Failed to fetch >>>> https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages >>>> server certificate verification failed. CAfile: >>>> /etc/ssl/certs/ca-certificates.crt CRLfile: none >>>> >>>> Cheers! >>>> >>>> Filipe Carvalho >>>> >>>> -- >>>> <pnhmgoiocebmonnh.png> >>>> Filipe Carvalho >>>> Infraestruturas Tecnológicas / IT infrastructures >>>> >>>> fili...@uporto.pt >>> >>> >>> Amazing this certbot thing... >>> >>> [Unit] >>> Description=Certbot >>> Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html >>> Documentation=https://letsencrypt.readthedocs.io/en/latest/ >>> [Service] >>> Type=oneshot >>> ExecStart=/usr/bin/certbot -q renew --post-hook >>> /etc/letsencrypt/post.hooks.d/reload >>> PrivateTmp=true >>> >>> one would think this would work and reload nginx after the cert has been >>> renewed... >>> >>> Aki >>>