Certificate Deployed Without Reload


#1

Hi, Grateful for any help you can offer.

I’ve renewed my certificate (it was previously auto-renewing under cron but had stopped for some reason). But it is not updating on the browser, or SSL checkers to the new date.

I’ve checked the sym links and they look fine, the new /live/wavellroom.com/ files are sym linked to .pem3 files that are updated at the same date that i updated the certificates.

My domain is: wavellroom.com

I ran this command: sudo ./certbot-auto renew

It produced this output:

Processing /etc/letsencrypt/renewal/wavellroom.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for wavellroom.com
http-01 challenge for www.wavellroom.com
Waiting for verification…
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/wavellroom.com/fullchain.pem


Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/wavellroom.com/fullchain.pem (success)

My web server is (include version): Apache/2.4.27 (Unix)

The operating system my web server runs on is (include version): Amazon Linux 2017

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

p.s. I have restarted apache


#3

What’s the Apache configuration?

Reloading Apache – and you can configure Certbot to do so using a deploy hook – should be all that’s necessary. Restarting it should have worked.


#4

Thanks for helping out.

Sorry you may have to clarify the question for me.

It’s a bitnami deployment if that helps.

The restart is deployed through a script (ctlscript.sh)


#5

It sounds like you just need to add a --post-hook (or ----renew-hook if supported) command to reload apache when the cert is renewed.

found this at https://certbot.eff.org/docs/using.html
If you want your hook to run only after a successful renewal, use --deploy-hook in a command like this.
certbot renew --deploy-hook /path/to/deploy-hook-script


#6

Rudy that’s really helpful pointer. Thank you.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.