[BlueOnyx:22643] Re: Let’s encrypt issue
Michael Stauber
mstauber at blueonyx.it
Sun Jan 27 17:22:54 -05 2019
Hi Keith,
> We have cron’s that start on boot these servers don’t use ssl let’s
> encrypt certs. So each morning the services are resetting because acme
> keeps trying to get certs now.
Sorry, but that does not appear to be correct. And you can easily test
it to confirm that what I say is right:
Run a "tail -f /var/log/httpd/error_log" to check your Apache error log.
Restart Apache:
/sbin/service httpd restart
You will see something like this in error_log and it tells you that
Apache was restarted:
Apache/2.4.6 (CentOS) mod_jk/1.2.40 OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
PHP/5.4.16 mod_perl/2.0.9-dev Perl/v5.16.3 configured -- resuming normal
operations
Now run both the daily cronjob of Let's Encrypt and the cronjob from
"crontab -l" in your shell:
>From /etc/cron.daily/letsencrypt.cron:
---------------------------------------
/usr/sausalito/sbin/letsencrypt_autorenew.pl -a
>From the crontab:
-----------------
/usr/sausalito/acme/acme.sh --cron --home /usr/sausalito/acme
--config-home /usr/sausalito/acme/data
Tell me if your Apache was restarted. Most likely it wasn't.
Yes, the morning *after* the first time that "blueonyx-le-acme" was
installed we had to restart Apache during the first run of both
cronjobs. That was a transitional necessity.
But afterwards? It'll only restart Apache *if* there is actually an LE
cert found that needs renewal.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list