certbot: Use --deploy-hook to get the cert actually served.

Certbot replaces the cert files under /etc/letsencrypt/live/,
which our nginx config refers to symlinks to; but it doesn't
tell nginx there's been an update, so nginx keeps serving the
old cert.

This is fine as long as nginx is restarted, or just told to
reload its config, at some point before the cert actually
expires about 30 days later.  Which is probably the common
case, but of course we should make it just work.  So, if we
actually renew a cert, tell nginx to reload its config now.
Greg Price
2017-11-15 13:57:10 -08:00
committed by Tim Abbott
parent ae901309fc
commit 84f956f5f1


@@ -16,4 +16,5 @@ if ! zulip_conf_get_boolean certbot auto_renew; then
fi
/usr/local/sbin/certbot-auto renew --quiet \
--webroot --webroot-path=/var/lib/zulip/certbot-webroot/
--webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
--deploy-hook 'service nginx reload'
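
Review bot: The hook command on the added `--deploy-hook 'service nginx reload'` line calls `service` by bare name, while `certbot-auto` two lines up is invoked by absolute path. If this script runs with a minimal PATH, as scheduled jobs often do, the hook may not find `service`, and nginx would keep serving the old cert, which is the situation the commit message sets out to fix. Consider giving the hook an absolute path, and adding a one-line comment above the command noting that the deploy hook only runs when a cert was actually renewed, so the reload is not mistaken for something that happens on every invocation.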