Documentation for installing certbot

First post so be gentle :slightly_smiling_face:
(Not sure where this should go)
The documentation on installing certbot is brilliant for a newbie (me).
There is one step missing however before step 9 "Confirm that Certbot worked"
Since this is a step by step instruction it needs "sudo service nginx restart" as part of step 9 or before it
I guess it should be self evident to experienced users and It didn't take long (which is unusual) for me to figure out what was needed

1 Like

I think reloading Nginx is done in step 7. :wink:

(Either automatically or manually if you use certonly and manual install -- what's missing is a --deploy-hook when using certonly)

4 Likes

There are a couple of non-intuitive aspects here:

  1. If you create a certificate using certbot certonly --nginx as show on that page, all future renewals (via certbot renew/the cron job) will automatically reload nginx. In that sense, a --deploy-hook should not be required.
  2. If you create, renew or replace a certificate using certbot certonly --nginx, nginx won't get reloaded. However, once this PR is merged, the behavior will match (1) and a reload will occur.

With the documentation in question, I am not fully understanding where @Berniek ran into issues.

If using certbot --nginx, no nginx restart would have been required, as Certbot would do it on its own.

If using certbot certonly --nginx, the nginx configuration would have to be updated by hand after the creation of the certificate, so the reload would have been superfluous anyway. (Except in the case where certonly is being used to renew/replace the certificate, which will be addressed by (2)).

@Berniek if you have the inclination, I'd appreciate if you could try corroborate your experience with what I've tried to describe here, thank you :heart: .

4 Likes

Thank you for your replies
Boy is my face red :hot_face:
It was coincidence that a nginx reload fixed my problem. It was a caching issue with my browser and I actually did a reload of the website after I reloaded nginx.
I think when i went to the website it used the cache version of the page but the reload actually did a real reload.
I am still learning & playing around.
Of all the websites telling me how to do things (most of their content copied and lot just not correct - damn google and their ad revenue!) this documentation is really good at not just telling me how its done but explaining why to do it as well.

2 Likes

(you put the same command in (1) and (2). I assume there's no certonly in (1))

2 Likes

Intentionally so, I'm just struggling to describe the behavior in a straightforward way.

Maybe:

  1. If you set an installer, it will get reloaded at renewal time (via certbot renew). This is the case even if the certificate was created using certonly. (--nginx is shorthand for --authenticator nginx --installer nginx).
  2. In an upcoming release, the certonly verb will also reload the installer, if one is specified.
5 Likes

So if I run

certbot certonly --webroot -w /some/path --installer nginx
or
certbot certonly --webroot -w /some/path --deploy-hook "some command"

It will get reloaded on renewal. (Even though I don't know if the difference between certonly and run is meaningful in these commands)

But if I run

certbot certonly --webroot -w /some/path

it will not.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.