Gracious Anthracite @anthracite

Okay I just edited the cron job to

1. stop nginx
2. attempt to renew the letsencrypt cert
3. start nginx again

It is NOT PRETTY but it WORKS and you know that's good enough when I have a furry con to run around!

@anthracite that sounds like what I've heard other people talk about doing

Glhf!

@bea @anthracite

did that until certain admins got all uppity with me (not a glitch admin) over my use of a certain cron job

@anthracite

If you're using a recent version of Certbot, there is an nginx (certbot-nginx) module that will automagically handle updating the nginx configs, renewing, and reloading the server for you.

@daggertooth @anthracite it can be even easier than that, if you use webroot authentication. add this to your non-https (port 80) server block:

location /.well-known/acme-challenge/ {
    root /var/www/html;
    allow all;
}

then set certbot to use /var/www/html as the webroot. it can renew certs with no intervention at all with this setup, it's what I've been using since the start

@chr @daggertooth @anthracite

It's actually even easier. Just add

--renew-hook "service nginx reload"

To your certbot Cron, then you don't need to start/stop it. This removes the chance of nginx dying completely, and only the cert renew failing. (Which you should get an email of, and then you can act on it)
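
The webroot and renew-hook suggestions above can be combined into one cron script, shown here as an added example that is not part of the thread. The subcommand names and the overridable CERTBOT, NGINX, SERVICE and WEBROOT variables are assumptions made for the illustration; the `nginx -t` check before reloading is an addition so that a broken config leaves the running server untouched.

```sh
#!/bin/sh
# Added example (not from the thread): renew via webroot without stopping
# nginx, and reload only if the nginx config still passes its self-test.
# Assumed variable names; override them from the environment if needed.
CERTBOT="${CERTBOT:-certbot}"
NGINX="${NGINX:-nginx}"
SERVICE="${SERVICE:-service}"
WEBROOT="${WEBROOT:-/var/www/html}"   # must match the nginx location root

# Reload nginx only when "nginx -t" succeeds. On failure the old process
# keeps serving with the previous certificate and we return 2 so cron
# mails the error instead of taking the site down.
safe_reload() {
    if "$NGINX" -t >/dev/null 2>&1; then
        "$SERVICE" nginx reload
    else
        echo "nginx -t failed; not reloading" >&2
        return 2
    fi
}

# Ask certbot to renew anything close to expiry. The hook runs only when
# a certificate was actually renewed, and calls back into this script.
# $0 must be an absolute path, which it is when cron invokes it that way.
renew() {
    "$CERTBOT" renew --quiet --webroot -w "$WEBROOT" \
        --renew-hook "$0 reload"
}

# Cron entry calls "<this script> renew"; certbot calls "<this script> reload".
case "${1:-}" in
    renew)  renew ;;
    reload) safe_reload ;;
esac
```
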

@daggertooth nah, I’m using the letsencrypt command. Maybe I should switch to certbot but not while I’m running around the furry con being a hot dragon lady!

@Rachel one that does not involve stopping nginx

But that would involve spending more time on it than I care to spend when I’m on vacation!