Documentation for installing certbot

Berniek · March 4, 2022, 11:43pm

First post so be gentle
(Not sure where this should go)
The documentation on installing certbot is brilliant for a newbie (me).
There is one step missing however before step 9 "Confirm that Certbot worked"
Since this is a step by step instruction it needs "sudo service nginx restart" as part of step 9 or before it
I guess it should be self evident to experienced users and It didn't take long (which is unusual) for me to figure out what was needed

9peppe · March 4, 2022, 11:56pm

I think reloading Nginx is done in step 7.

(Either automatically or manually if you use certonly and manual install -- what's missing is a --deploy-hook when using certonly)

_az · March 5, 2022, 4:19am

There are a couple of non-intuitive aspects here:

If you create a certificate using certbot certonly --nginx as show on that page, all future renewals (via certbot renew/the cron job) will automatically reload nginx. In that sense, a --deploy-hook should not be required.
If you create, renew or replace a certificate using certbot certonly --nginx, nginx won't get reloaded. However, once this PR is merged, the behavior will match (1) and a reload will occur.

With the documentation in question, I am not fully understanding where @Berniek ran into issues.

If using certbot --nginx, no nginx restart would have been required, as Certbot would do it on its own.

If using certbot certonly --nginx, the nginx configuration would have to be updated by hand after the creation of the certificate, so the reload would have been superfluous anyway. (Except in the case where certonly is being used to renew/replace the certificate, which will be addressed by (2)).

@Berniek if you have the inclination, I'd appreciate if you could try corroborate your experience with what I've tried to describe here, thank you .

Berniek · March 5, 2022, 7:07am

Thank you for your replies
Boy is my face red
It was coincidence that a nginx reload fixed my problem. It was a caching issue with my browser and I actually did a reload of the website after I reloaded nginx.
I think when i went to the website it used the cache version of the page but the reload actually did a real reload.
I am still learning & playing around.
Of all the websites telling me how to do things (most of their content copied and lot just not correct - damn google and their ad revenue!) this documentation is really good at not just telling me how its done but explaining why to do it as well.

9peppe · March 5, 2022, 9:15am

(you put the same command in (1) and (2). I assume there's no certonly in (1))

_az · March 5, 2022, 9:40am

Intentionally so, I'm just struggling to describe the behavior in a straightforward way.

Maybe:

If you set an installer, it will get reloaded at renewal time (via certbot renew). This is the case even if the certificate was created using certonly. (--nginx is shorthand for --authenticator nginx --installer nginx).
In an upcoming release, the certonly verb will also reload the installer, if one is specified.

9peppe · March 5, 2022, 9:57am

So if I run

certbot certonly --webroot -w /some/path --installer nginx
or
certbot certonly --webroot -w /some/path --deploy-hook "some command"

It will get reloaded on renewal. (Even though I don't know if the difference between certonly and run is meaningful in these commands)

But if I run

certbot certonly --webroot -w /some/path

it will not.

system · April 4, 2022, 9:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Should I use "--nginx" after "certbot certonly"? Help	9	4099	May 18, 2020
Why does certbot not reload if it does run the deploy hook? Help	3	2147	March 29, 2019
Doest certbot automaticly reload nginx on successful renew? Server	6	4729	September 17, 2017
Certbot/nginx clarifications Help	5	846	April 21, 2023
Certbot + nginx + automatic renewal Server	3	7950	December 23, 2017

Documentation for installing certbot

Related topics