I am running Ubuntu 18.04.1 with an Nginx reverse proxy to two different sites on different webservers.
If I load the URL in a web browser and check the certificate, it says the certificate will expire on 9/26, yet if I try to run certbot on the reverse proxy it tells me it expires on 11/25, so it doesn't need to be renewed.
I must be mixing something up here somehow.
  --post-hook POST_HOOK
                        Command to be run in a shell after attempting to
                        obtain/renew certificates. Can be used to deploy
                        renewed certificates, or to restart any servers that
                        were stopped by --pre-hook. This is only run if an
                        attempt was made to obtain/renew a certificate. If
                        multiple renewed certificates have identical post-
                        hooks, only one will be run.
I wouldn’t recommend this, @JuergenAuer. This will restart nginx every time Certbot runs, even if it doesn’t renew a certificate. Additionally, you don’t need to restart Nginx, you can just reload it. This prevents the brief downtime during a renewal.
It would be better to just use --deploy-hook "service nginx reload"
Nginx needs to be reloaded or restarted before it will use the new certificate. It only reads the configuration – including certificates – when starting or when reloaded.
If you use certbot --nginx, Certbot will automatically take care of that; otherwise, you have to use a hook, or manually reload Nginx some time before the old certificate expires.
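As an added example (not part of any post in this thread), a shell check for the mismatch described in the question: it compares the certificate the proxy is actually serving with the one Certbot has on disk. The host name and path in the usage comment are placeholders, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: is nginx still serving the old certificate after a renewal?
# Usage (placeholder host and path):
#   sh check_cert.sh example.com 443 /etc/letsencrypt/live/example.com/fullchain.pem

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
file_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Expiry date (notAfter) of the first certificate in a PEM file.
file_expiry() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2
}

# Fingerprint of the leaf certificate presented for host $1 on port $2.
# -servername sends SNI, so a proxy with several sites returns the right one.
served_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare two fingerprints: 0 = same, 1 = different (stale), 2 = one is missing.
check_fp() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ] && return 0
    return 1
}

# check_site HOST PORT PEM_FILE: report whether the server has loaded PEM_FILE.
check_site() {
    rc=0
    check_fp "$(file_fp "$3")" "$(served_fp "$1" "$2")" || rc=$?
    case $rc in
        0) echo "$1: serving the certificate on disk (expires $(file_expiry "$3"))" ;;
        1) echo "$1: serving a different certificate than $3; reload nginx" ;;
        *) echo "$1: could not read the file or reach the server" ;;
    esac
    return "$rc"
}

# Run only when called with HOST PORT PEM_FILE, so the file can also be sourced.
if [ "$#" -eq 3 ]; then
    check_site "$@"
fi
```

The exit status (0, 1 or 2) makes the script usable from cron or a monitoring check; status 1 shortly after a renewal means the reload step did not run.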