Do I need to reload or restart apache after renew?


#1

I just installed a Let’s Encrypt certificate on my Ubuntu 16.04 Xenial server using:
sudo letsencrypt --apache -d mydomain.com -d www.mydomain.com

Everything works fine and I also set up a cron job to automatically renew the certificate:
30 4 * * * /usr/bin/letsencrypt renew >> /var/log/le-renew.log

Do I need to reload the apache configuration after a successful renew, or is it included in the letsencrypt renew script? If I remember correctly, I didn’t have to do any reloading or restarting with apache after installing the certificate; everything worked right away. I just want to make sure that my web server keeps working correctly without any intervention needed after the certificate is updated.

Thanks!


#2

In the general case, you do have to reload apache.
However, the apache plugin with the tls-sni validation method does reload apache twice as a side effect of the validation procedure, and the second reload happens after the new certificate has been retrieved.
In this particular case, reloading apache after a renew may not be required. Keep in mind that if you change the validation method (e.g. if you use the webroot plugin), you do have to reload apache after the renew.
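
A way to check the point made in post #2 (an added example, not part of the thread and not code from the Let's Encrypt client): compare the fingerprint of the certificate on disk with the one the running Apache presents, and reload only when they differ. The `/etc/letsencrypt/live/<domain>/cert.pem` path, HTTPS on local port 443, the `apache2` systemd unit and all function names are assumptions.

```sh
#!/bin/sh
# Added example: does the running Apache serve the certificate that is on disk?
# Assumptions: live/<domain>/cert.pem layout, HTTPS on 127.0.0.1:443, apache2 unit.

# SHA-256 fingerprint of a certificate file on disk.
disk_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the running server presents for an SNI name.
served_fingerprint() {
    openssl s_client -connect 127.0.0.1:443 -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Strip colons and upper-case, so differently formatted fingerprints compare equal.
normalize() {
    printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F'
}

# Print "ok", "reload" or "error" for a pair of fingerprints (disk, served).
decide() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "error"        # one side could not be read; do not guess
    elif [ "$(normalize "$1")" = "$(normalize "$2")" ]; then
        echo "ok"
    else
        echo "reload"       # Apache still holds the old certificate in memory
    fi
}

main() {
    domain="$1"
    cert="/etc/letsencrypt/live/$domain/cert.pem"
    action=$(decide "$(disk_fingerprint "$cert")" "$(served_fingerprint "$domain")")
    case "$action" in
        ok)     echo "$domain: served certificate matches $cert" ;;
        reload) echo "$domain: served certificate is stale, reloading apache"
                # Validate the configuration first so a bad config cannot take the site down.
                apachectl configtest && systemctl reload apache2 ;;
        *)      echo "$domain: could not compare fingerprints" >&2; return 1 ;;
    esac
}

# Run only when a domain is given on the command line.
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Saved under a name of your choice (for example the hypothetical `check-cert.sh`), it can run in the same cron entry right after `letsencrypt renew`, with the domain as its only argument.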


#3

Ok, thanks for the quick answer!

Do you know whether the apache plugin initiates a reload or a (graceful) restart? If it’s a reload, then everything should run fine since it just reloads configuration files without shutting down. Just want to be sure.


#4

I think it reloads and does not restart, but maybe someone can give you a sure answer…


#5

An Apache “reload” defaults to a graceful restart on Gentoo. The other “reload” option is a non-graceful restart. So much for “reloading”, it all comes down to a restart somehow with Gentoo… But this might differ on your distribution obviously.

