I just installed Let’s Encrypt certificate on my Ubuntu 16.04 Xenial server using:
sudo letsencrypt --apache -d mydomain.com -d www.mydomain.com
Everything works fine and I also set up a cron job to automatically renew the certificate:
30 4 * * * /usr/bin/letsencrypt renew >> /var/log/le-renew.log
Do I need to reload apache configuration after successful renew, or is it included in the letsencrypt renew script? If I remember correctly, I didn’t have to do any reloading or restarting with apache after installing the certificate, everything worked right away. I just want to make sure that my web server keeps working correctly without any intervention needed after the certificate is updated.
In the general case, you do have to reload apache.
However the apache plugin with the tls-sni validation method does reload apache twice as a side effects of the validation procedure, and the second reload happen after the new certificate has been retrieved.
In this particular case reloading apache after a renew may not be required. Keep in mind that if you change validation method (e.g. if you use the webroot plugin) you do have to reload apache after the renew .
Do you know does the apache plugin initiate reload or (graceful) restart? If it’s reload, then everything should run fine since it just reloads configuration files without shutting down. Just want to be sure.
An Apache “reload” defaults to a graceful restart on Gentoo. The other “reload” option is a non-graceful restart So much for “reloading”, it all comes down to a restart somehow with Gentoo… But this might differ on your distribution obviously.
So much for “reloading”, it all comes down to a restart somehow with Gentoo… But this might differ on your distribution obviously.