What do I need to restart after renewing a certificate?

My domain is: bitwarden.arcadie.pro

I ran this command: N/A

It produced this output: N/A

My web server is (include version): Nginx 1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: Gandi for domaine name, O2Switch for DNS entries

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0

Hello everyone :slight_smile:

I just renewed my certificate using certbot with a DNS challenge and it went fine, but I had an issue where accessing the website still tried to use the old certificate (although everything pointed to the new one).

I tried the good old "turn it off and on" solution and it worked but I'm curious : It seems that I need to restart something in order for the new certificate to be really taken into account and I'd like to know precisely what instead of just rebooting the whole computer.

Does anyone know what it is ? Nginx ? Certbot ?

If you used certbot certonly to create the certificate without telling Certbot to reload nginx, then you'd have to manually reload nginx every time the certificate renews. This is because nginx does not read the certificate off disk every time, for performance reasons.

If you used certbot --nginx to create the certificate, then it would reload nginx automatically for you at every renewal.

If you want to remediate this today, you could open /etc/letsencrypt/renewal/example.com.conf (with your real domain, though), and add this under [renewalparams]:

renew_hook = systemctl reload nginx

and it should be taken care of automatically at your next renewal.


Is used certbot certonly indeed :slight_smile:

Thank you for this very complete and quick answer !


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.