nginx Restart Issue after Cert-Update (Letsencrypt)

  • 8 Dec '22
Hi,

we've got a strange issue with nginx and letsencrypt.
- A daily job is configured to run "certbot renew", which updates all the
certs on a webserver (round about 30 certs)
- After the certbot run we do issue a nginx reload

Issue: The certs aren't updated in nginx
We've then added a hard nginx stop/start in the script. But this doesn't
cure the problem.
When issuing the stop/start on the command line, all is fine.

Any idea, what is the cause for this?
I've done lots of googling, and searching here in the forum as well, but
without any hint.

Thanks for any hint,

Andreas

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,296005,296005#msg-296005
  • 8 Dec '22
Hello!

On Thu, Dec 08, 2022 at 04:11:11AM -0500, anfassl wrote:

> we've got a strange issue with nginx and letsencrypt.
> - A daily job is configured to run "certbot renew", which updates all the
> certs on a webserver (round about 30 certs)
> - After the certbot run we do issue a nginx reload
> 
> Issue: The certs aren't updated in nginx
> We've then added a hard nginx stop/start in the script. But this doesn't
> cure the problem.
> When issuing the stop/start on the command line, all is fine.
> 
> Any idea, what is the cause for this?
> I've done lots of googling, and searching here in the forum as well, but
> without any hint.

Try looking into nginx error log, the one specified at the global 
level.  If there is an issue with reloading configuration, nginx 
will complain there.

It should also help to make sure that nginx was actually asked by 
your script to reload.  You'll have to set the logging level to 
"notice" though, see http://nginx.org/r/error_log for details.

-- 
Maxim Dounin
http://mdounin.ru/
  • 11 Dec '22
Hi Maxim,

the script consists of:
- Letsencrypt job (certbot renew) - works fine, certs are being updated
- nginx restart
- nginx stop
- nginx start

But even with those three commands the new certs aren't visible.
Only cure so far: log in to the server, and issue a restart manually.

The nginx logs don't show any messages - I'm increasing to notice for now.

This is the script:

#!/bin/sh
#
#Daily check for new certs
#
# Get certs
certbot renew
# Restart NGINX Instances
service nginx restart
service nginx stop
service nginx start

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,296005,296022#msg-296022
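
Added example (not part of any post in this thread): one way to carry out the check suggested above, reading the global error log at "notice" level to see whether nginx was actually asked to reload or restart after the renewal job, and whether it rejected the new configuration. The function name, the sample log lines and the certificate path are constructed for illustration; the matched phrases are the messages nginx writes for signals and worker start.

```shell
#!/bin/sh
# Added example: classify what nginx logged since a renewal job started.
# stdin: nginx error log (error_log ... notice); $1: job start time in the
# log's "YYYY/MM/DD HH:MM:SS" format. Prints failed|reload|restart|none.
nginx_action_since() {
    awk -v since="$1" '
        ($1 " " $2) < since { next }   # string compare is chronological here
        /\[emerg\]/                    { emerg = 1 }   # config/cert load error
        /signal 1 \(SIGHUP\) received/ { hup = 1 }     # reload requested
        /signal [0-9]+ \(SIG(TERM|QUIT|INT)\) received/ { stopped = 1 }
        /start worker processes/       { started = 1 }
        END {
            if (emerg)                   print "failed"
            else if (hup)                print "reload"
            else if (stopped && started) print "restart"
            else                         print "none"
        }'
}

# Constructed log lines (PIDs, times and path are made up for the example).
sample_stale() {   # only entries from before the job: nginx was never asked
    cat <<'EOF'
2022/12/07 09:15:02 [notice] 811#811: signal 1 (SIGHUP) received from 4410, reconfiguring
2022/12/07 09:15:02 [notice] 811#811: reconfiguring
EOF
}
sample_restart() { # stop/start as issued by the script
    cat <<'EOF'
2022/12/08 04:00:41 [notice] 811#811: signal 15 (SIGTERM) received from 5102, exiting
2022/12/08 04:00:42 [notice] 5120#5120: start worker processes
EOF
}
sample_failed() {  # reload asked for, but the new configuration was rejected
    cat <<'EOF'
2022/12/08 04:00:41 [notice] 811#811: signal 1 (SIGHUP) received from 5102, reconfiguring
2022/12/08 04:00:41 [emerg] 811#811: cannot load certificate "/etc/letsencrypt/live/example.test/fullchain.pem": BIO_new_file() failed
EOF
}

for s in sample_stale sample_restart sample_failed; do
    printf '%s: %s\n' "$s" "$($s | nginx_action_since '2022/12/08 04:00:00')"
done
```

In a renewal script, record the start time with date '+%Y/%m/%d %H:%M:%S' before running certbot and feed the error log configured at the global level to the function afterwards; a result of "none" means the reload or restart command never reached the running master process.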