i did auto renew by run the following commands: sudo crontab -e and include the content 30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
but auto renew doesn’t work. Is that because it doesn’t auto restart my web server?
if so, can i do the following to fix it:
With SSL Labs the only difference between A and A+ is if your sending the HSTS header with an age of at least 6 months.
For renewal it depends on the method used to originally obtain the cert. As the documentation states the 1st example only work if you used standalone, as webroot and the nginx plugin require nginx to be running to complete the challenge. In this case you should use "service nginx reload" with --post-hook or --renew-hook. The 2nd example would make no difference on it’s own and would be used as part of a shell script.
in order for the auto renew to work, i was advised that i need to set web server to restart after auto renew.
Should i just add --service nginx restart in between like the following?
Not quite, you need to prefix the service command with --renew-hook and you should use reload instead of restart to have zero downtime. Your crontab entry should therefore be:
I think in this example you need quotes around "service nginx reload"; otherwise the client will interpret this as --renew-hook service plus two unrecognized parameters, nginx and reload.
Thank you all of you!!!.
If it is apache2, i assume it shall be 30 2 * * 1 /usr/bin/letsencrypt renew --renew-hook "service apache2 reload" >> /var/log/le-renew.log
right?
i did 30 2 * * 1 /usr/bin/letsencrypt renew --renew-hook "service apache2 reload" >> /var/log/le-renew.log to auto renew SSL. however, this past Monday Night i checked /var/log/le-renew.log, there is no such log, is there anything i did was wrong?