Certbot does not force Apache2 to read newly generated certificates

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












System: GNU/Linux Debian 9.5 headless.



Situation & Question



I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?





This is my current Certbot CRON file /etc/cron.d/certbot:



# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew








share

























    up vote
    0
    down vote

    favorite












    System: GNU/Linux Debian 9.5 headless.



    Situation & Question



    I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?





    This is my current Certbot CRON file /etc/cron.d/certbot:



    # /etc/cron.d/certbot: crontab entries for the certbot package
    #
    # Upstream recommends attempting renewal twice a day
    #
    # Eventually, this will be an opportunity to validate certificates
    # haven't been revoked, etc. Renewal will only occur if expiration
    # is within 30 days.
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

    0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew








    share























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      System: GNU/Linux Debian 9.5 headless.



      Situation & Question



      I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?





      This is my current Certbot CRON file /etc/cron.d/certbot:



      # /etc/cron.d/certbot: crontab entries for the certbot package
      #
      # Upstream recommends attempting renewal twice a day
      #
      # Eventually, this will be an opportunity to validate certificates
      # haven't been revoked, etc. Renewal will only occur if expiration
      # is within 30 days.
      SHELL=/bin/sh
      PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

      0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew








      share













      System: GNU/Linux Debian 9.5 headless.



      Situation & Question



      I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?





      This is my current Certbot CRON file /etc/cron.d/certbot:



      # /etc/cron.d/certbot: crontab entries for the certbot package
      #
      # Upstream recommends attempting renewal twice a day
      #
      # Eventually, this will be an opportunity to validate certificates
      # haven't been revoked, etc. Renewal will only occur if expiration
      # is within 30 days.
      SHELL=/bin/sh
      PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

      0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew






      ssl certificates certbot





      share












      share










      share



      share










      asked 1 min ago









      Vlastimil

      7,0001152125




      7,0001152125




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote















          This can be simply accomplished by adding:



          && apachectl -k graceful


          to the daily Certbot command.



          This way, twice a day:



          • The certificates will get checked for expiration and if expired, then they'll get renewed.


          • Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.





          share




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478195%2fcertbot-does-not-force-apache2-to-read-newly-generated-certificates%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote















            This can be simply accomplished by adding:



            && apachectl -k graceful


            to the daily Certbot command.



            This way, twice a day:



            • The certificates will get checked for expiration and if expired, then they'll get renewed.


            • Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.





            share
























              up vote
              0
              down vote















              This can be simply accomplished by adding:



              && apachectl -k graceful


              to the daily Certbot command.



              This way, twice a day:



              • The certificates will get checked for expiration and if expired, then they'll get renewed.


              • Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.





              share






















                up vote
                0
                down vote










                up vote
                0
                down vote











                This can be simply accomplished by adding:



                && apachectl -k graceful


                to the daily Certbot command.



                This way, twice a day:



                • The certificates will get checked for expiration and if expired, then they'll get renewed.


                • Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.





                share














                This can be simply accomplished by adding:



                && apachectl -k graceful


                to the daily Certbot command.



                This way, twice a day:



                • The certificates will get checked for expiration and if expired, then they'll get renewed.


                • Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.






                share











                share


                share










                answered 1 min ago









                Vlastimil

                7,0001152125




                7,0001152125



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478195%2fcertbot-does-not-force-apache2-to-read-newly-generated-certificates%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?