Certbot renew certificate and reload your server

20. September 2018
https certbot letsencrypt network web

Ever wondered why you ran into a SEC_ERROR_EXPIRED_CERTIFICATE or something alike? You surely set up the automatic certificate renewal with certbot correctly. But did you also reload your web server?

nginx loads the certificate files only on startup, so it won’t use the new ones if not explicitly told to do so. A quick fix is to add && service nginx reload at the end of the certbot cron entry in /etc/cron.d/certbot. The line should look something like this:

*/12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl-e 'sleep int(rand(43200))' && certbot -q renew && service nginx reload

This will prevent the above mentioned errors in the future. Nginx will be notified to reload all config files and certificates after certbot successfully renewed all certificates.