How do I get EE to restart Nginx after LetsEncrypt renewal? (EE 3.8.1)


#1

I have a cron job set up to renew the Let’s Encrypt cert on my EE server. The only issue is that it doesn’t restart Nginx, so the certificate still requires my manual intervention every 90 days.

#0 0 */15 * * /opt/letsencrypt/letsencrypt-auto renew >> /home/jonathan99/logs/sslrenew.log

#0 12 * * * root /usr/local/bin ee site update --le=renew --all >> /var/log/ee/sslrenew.log 

#0 0 * * 0 sudo ee site update --le=renew --all 2> /dev/null 

@daily sudo ee site update --le=renew --all  >> /home/jonathan99/logs/sslrenew.log 

I’ve tried all of the above commands, based on various suggestions I’ve seen for getting the renewal to work. Previously the certificate would fail to renew, but now with the forth of those commands it works.

I tried adding, --post-hook 'sudo ee stack reload --nginx' but I guess ee doesn’t accept regular Let’s Encrypt post hooks.

So how do I get it to restart Nginx after a successful certificate renewal?

I have EE v3.8.1

Just use certbot?

Is there any reason to not just use the standard certbot method, and include the --post-hook to restart Nginx?


#2

You dont need to restart nginx.
You need to reload its config and it should be fine.

A suggested method would be to include the renewal command and reload command onto a single batch script that will be run under a crontab.


#3

Thanks for the suggestion.

I had understood that the ee renewal of LE certificate would do whatever is required (e.g., reload or restart Nginx config) automatically. Is that not correct?

Is there any disadvantages to reload the nginx config every day?


#4

Generally speaking, no, its not an issue to reload the config.


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.