Acme.sh add reloadcmd to existing certs

plann · January 4, 2021, 1:33pm

Hi.
I'm having trouble applying a --reloadcmd "service nginx reload" to acme.sh. I found out that this is not applicable during cron execution by design, so I tried running this command to update all my certs with a reloadcmd:

acme.sh --renew-all --home "/root/.acme.sh" --cert-home "/etc/letsencrypt/live" --reloadcmd "service nginx reload" >> /root/acme.sh.cron

This does, however, not work. My certificates are successfully renewed, but NGINX isn't reloaded to reflect the change. I have to do this manually.
Any idea how to add reload-cmd's the correct way to existing certificates without breaking anything?

griffin · January 4, 2021, 1:50pm

I tend to use "nginx -s reload" myself, but I'm not exactly sure of the fit with acme.sh.

sahsanu · January 4, 2021, 2:20pm

Hello @plann,

Warning: Always backup your /root/.acme.sh directory and as you are using it, also /etc/letsencrypt/live/ just in case.

acme.sh --install-cert -d hereyourdomain --home "/root/.acme.sh/" --cert-home "/etc/letsencrypt/live" --reloadcmd "service nginx reload"

You should do this one by one for all your certificates or create a simple for loop that checks the names in /etc/letsencrypt/live/ and add them to the acme.sh command.

Edit: I forgot to add the for loop example.

for i in /etc/letsencrypt/live/*; do acme.sh --install-cert -d $(basename $i) --home "/root/.acme.sh/" --cert-home "/etc/letsencrypt/live" --reloadcmd "service nginx reload"; done

Cheers,
sahsanu