Certbot does not force Apache2 to read newly generated certificates
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
System: GNU/Linux Debian 9.5 headless.
Situation & Question
I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?
This is my current Certbot CRON file /etc/cron.d/certbot
:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
ssl certificates certbot
add a comment |Â
up vote
0
down vote
favorite
System: GNU/Linux Debian 9.5 headless.
Situation & Question
I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?
This is my current Certbot CRON file /etc/cron.d/certbot
:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
ssl certificates certbot
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
System: GNU/Linux Debian 9.5 headless.
Situation & Question
I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?
This is my current Certbot CRON file /etc/cron.d/certbot
:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
ssl certificates certbot
System: GNU/Linux Debian 9.5 headless.
Situation & Question
I have just caught the Let's Encrypt Certbot to re-generate the SSL certificate but did not reload Apache2. This has resulted in a half-day not functioning domain. I want to automate this. How to go about it?
This is my current Certbot CRON file /etc/cron.d/certbot
:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
ssl certificates certbot
ssl certificates certbot
asked 1 min ago
Vlastimil
7,0001152125
7,0001152125
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then they'll get renewed.
Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then they'll get renewed.
Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.
add a comment |Â
up vote
0
down vote
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then they'll get renewed.
Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then they'll get renewed.
Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then they'll get renewed.
Apache will get reloaded. Apache will advise its threads to exit when idle, and then apache reloads the configuration.
answered 1 min ago
Vlastimil
7,0001152125
7,0001152125
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478195%2fcertbot-does-not-force-apache2-to-read-newly-generated-certificates%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password