Hi,
I have a question regarding automatic certificate renewal in combination with an nginx server.
I have used the certbot certonly --webroot command to get the certificate, something like:
certbot certonly --webroot -w /var/www/example.com -d example.com
The nginx virtual host references the certificates in the /etc/letsencrypt directory directly:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Everything is working well.
As the last step, I wanted to configure the automatic renewal as a cron job. First, I have checked if the renewal works using the dry run: certbot renew --dry-run. But when I wanted to create a cron job, I noticed that it already exists in the file /etc/cron.d/certbot with the following content:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
So it runs every 12 hours. That’s fine but it’s not reloading nginx so it won’t load the new certificate. I haven’t used the nginx plugin so certbot is not even aware I’m using nginx.
What should I do, please? Simply delete the existing cron job and create a new one with --post-hook="service nginx reload"? Won’t certbot re-create the default cron job?
Thank you.
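
An alternative to editing the packaged cron job, as an added example that is not part of the original post: certbot renew runs any executable placed in /etc/letsencrypt/renewal-hooks/deploy/ after a certificate has actually been renewed, so a hook like this one reloads nginx without touching /etc/cron.d/certbot. The file name and the two overridable command variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh (file name is an assumption).
# certbot runs deploy hooks only after a certificate was actually renewed and
# exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com).

# Overridable for testing (assumed variable names); defaults are the real commands.
NGINX_TEST_CMD="${NGINX_TEST_CMD:-nginx -t -q}"
NGINX_RELOAD_CMD="${NGINX_RELOAD_CMD:-service nginx reload}"

reload_nginx_after_renewal() {
    lineage="$1"

    # Refuse to reload if the renewed lineage is incomplete.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "deploy hook: $lineage/$f missing or empty" >&2
            return 2
        fi
    done

    # Validate the configuration first so a broken config is reported
    # instead of being handed to the running server.
    if ! $NGINX_TEST_CMD; then
        echo "deploy hook: nginx config test failed, not reloading" >&2
        return 3
    fi

    # Graceful reload: nginx re-reads the certificate files without dropping connections.
    $NGINX_RELOAD_CMD
}

# Run only when invoked by certbot, which sets RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx_after_renewal "$RENEWED_LINEAGE"
fi
```

The hook runs as root, so the file should be owned by root, executable, and not writable by other users.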