Certbot renews cert but apache not reloaded

I am using certbot 1.12.0 on Debian bullseye. The new Let's Encrypt certificate downloads but the Apache configuration is not being reloaded after the new certificate downloads. Here is the command I run:

certbot certonly -c /etc/letsencrypt/myapp-dev.ini --apache --expand --cert-name myapp-dev.example.com -d myapp-dev.example.com,debian-dev.example.com

Here is the configuration file referenced above:

%% /etc/letsencrypt/myapp-dev.ini
preferred-challenges = http
staging = false
dry-run = false
manual = false
agree-tos = true
non-interactive = true


Here are the relevant logs out of /var/log/letsencrypt/letsencrypt.log:

...
2022-10-21 14:32:23,906:DEBUG:certbot._internal.main:certbot version: 1.12.0
2022-10-21 14:32:23,907:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-10-21 14:32:23,907:DEBUG:certbot._internal.main:Arguments: ['-c', '/etc/letsencrypt/myapp-dev.ini', '--apache', '--expand', '--cert-name', 'myapp-dev.example.com', '-d', 'myapp-dev.example.com,debian-dev.example.com']
...
2022-10-21 14:32:31,213:DEBUG:acme.client:Storing nonce: 345...feth
2022-10-21 14:32:31,215:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/myapp-dev.example.com/privkey2.pem.
2022-10-21 14:32:31,215:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/myapp-dev.example.com/cert2.pem.
2022-10-21 14:32:31,215:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/myapp-dev.example.com/chain2.pem.
2022-10-21 14:32:31,215:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/myapp-dev.example.com/fullchain2.pem.
2022-10-21 14:32:31,216:DEBUG:certbot._internal.cli:Var pref_challs=http (set by user).
2022-10-21 14:32:31,216:DEBUG:certbot._internal.cli:Var authenticator=apache (set by user).
2022-10-21 14:32:31,216:DEBUG:certbot._internal.cli:Var installer=apache (set by user).
2022-10-21 14:32:31,217:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/myapp-dev.example.com.conf.new.
2022-10-21 14:32:31,220:DEBUG:certbot._internal.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/myapp-dev.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myapp-dev.example.com/privkey.pem
Your certificate will expire on 2023-01-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew all of your certificates, run "certbot renew"
2022-10-21 14:32:31,220:DEBUG:certbot._internal.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

No, it won't with certonly which requests a cert but does not modify the Apache config to install it. You can use the --deploy-hook (cmd) option to reload Apache with certonly. Just replace (cmd) with whatever you use for that (like: service apache reload).

Or, omit certonly and Certbot will update the Apache config and reload it.

3 Likes
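A deploy hook along the lines suggested in the reply above, as an added example that is not part of the original thread or of Certbot itself. It assumes Debian's `apache2ctl` and a hypothetical file name `reload-apache.sh`; the functions `lineage_complete` and `reload_apache` are names invented for this example. It checks the renewed files and the Apache configuration before reloading, so a failed `configtest` never takes the site down.

```shell
#!/bin/sh
# Added example (not from the thread): Certbot deploy hook that reloads
# Apache only after the renewed files and the config have been checked.
# Pass it with --deploy-hook /path/to/reload-apache.sh, or place it in
# /etc/letsencrypt/renewal-hooks/deploy/ (file name is an assumption).
# Certbot exports RENEWED_LINEAGE (the live/ directory of the renewed
# certificate) to deploy hooks.

# Assumption: Debian's control script name; override via the environment.
APACHECTL="${APACHECTL:-apache2ctl}"

# Succeeds only if the lineage holds non-empty chain and key files.
lineage_complete() {
    [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ]
}

# Exit codes: 0 reloaded, 2 incomplete lineage, 3 config test failed.
reload_apache() {
    lineage="$1"
    if ! lineage_complete "$lineage"; then
        echo "deploy hook: incomplete lineage: $lineage" >&2
        return 2
    fi
    # Never reload a configuration that does not parse.
    if ! "$APACHECTL" configtest >/dev/null 2>&1; then
        echo "deploy hook: configtest failed, Apache not reloaded" >&2
        return 3
    fi
    # Graceful restart: workers finish current requests, then pick up
    # the new certificate and key.
    "$APACHECTL" graceful
}

# Only act when Certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_apache "$RENEWED_LINEAGE"
fi
```

A non-zero exit from the hook is reported in Certbot's output and log, which makes a skipped reload visible instead of silent.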

By the way, this behaviour has changed since Certbot 1.27.0. From that version, Certbot will reload the webserver when the combination of certonly with an installer (e.g. --nginx or --apache) is being used.

But Debian is obviously shipping old stuff as usual :slight_smile:

4 Likes
