First post so be gentle
(Not sure where this should go)
The documentation on installing certbot is brilliant for a newbie (me).
There is one step missing however before step 9 "Confirm that Certbot worked"
Since this is a step by step instruction it needs "sudo service nginx restart" as part of step 9 or before it
I guess it should be self evident to experienced users and It didn't take long (which is unusual) for me to figure out what was needed
First post so be gentle
I think reloading Nginx is done in step 7.
(Either automatically or manually if you use certonly and manual install -- what's missing is a
--deploy-hook when using certonly)
There are a couple of non-intuitive aspects here:
- If you create a certificate using
certbot certonly --nginxas show on that page, all future renewals (via
certbot renew/the cron job) will automatically reload nginx. In that sense, a
--deploy-hookshould not be required.
- If you create, renew or replace a certificate using
certbot certonly --nginx, nginx won't get reloaded. However, once this PR is merged, the behavior will match (1) and a reload will occur.
With the documentation in question, I am not fully understanding where @Berniek ran into issues.
certbot --nginx, no nginx restart would have been required, as Certbot would do it on its own.
certbot certonly --nginx, the nginx configuration would have to be updated by hand after the creation of the certificate, so the reload would have been superfluous anyway. (Except in the case where
certonly is being used to renew/replace the certificate, which will be addressed by (2)).
@Berniek if you have the inclination, I'd appreciate if you could try corroborate your experience with what I've tried to describe here, thank you .
Thank you for your replies
Boy is my face red
It was coincidence that a nginx reload fixed my problem. It was a caching issue with my browser and I actually did a reload of the website after I reloaded nginx.
I think when i went to the website it used the cache version of the page but the reload actually did a real reload.
I am still learning & playing around.
Of all the websites telling me how to do things (most of their content copied and lot just not correct - damn google and their ad revenue!) this documentation is really good at not just telling me how its done but explaining why to do it as well.
(you put the same command in (1) and (2). I assume there's no
certonly in (1))
Intentionally so, I'm just struggling to describe the behavior in a straightforward way.
- If you set an installer, it will get reloaded at renewal time (via
certbot renew). This is the case even if the certificate was created using
--nginxis shorthand for
--authenticator nginx --installer nginx).
- In an upcoming release, the
certonlyverb will also reload the installer, if one is specified.
So if I run
certbot certonly --webroot -w /some/path --installer nginx
certbot certonly --webroot -w /some/path --deploy-hook "some command"
It will get reloaded on renewal. (Even though I don't know if the difference between
run is meaningful in these commands)
But if I run
certbot certonly --webroot -w /some/path
it will not.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.