Join the community today
Become a Member

Letsencrypt acme.sh not reloading NGINX after cert renewal

Discussion in 'Add Ons' started by fly, Nov 2, 2019.

  1. fly

    fly New Member

    7
    0
    1
    Jul 27, 2019
    Ratings:
    +1
    Local Time:
    3:59 PM
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.17.3
    • When was last time updated Centmin Mod code base ? : About a month ago
    (Also, acme.sh shows it was last modified in July.)

    So as the title suggests, the LE cert renews just fine via cron. However, NGINX never reloads itself. If not done manually, the cert 'expires'.

    This is what I see in the log, but it's certainly not obvious to me what the issue is. I know I could just run all the centmin updates, but I'm hoping to know that there's a fix in there for this before I do it. As once I get a new cert, I assume it's hard to troubleshoot.

    Code:
    [Tue Oct  1 00:31:30 CDT 2019] Found cert chain
    [Tue Oct  1 00:31:30 CDT 2019] _end_n='31'
    [Tue Oct  1 00:31:30 CDT 2019] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/032'
    [Tue Oct  1 00:31:30 CDT 2019] Cert success.
    [Tue Oct  1 00:31:30 CDT 2019] Your cert is in  /root/.acme.sh/k.org/k.org.cer
    [Tue Oct  1 00:31:30 CDT 2019] Your cert key is in  /root/.acme.sh/k.org/k.org.key
    [Tue Oct  1 00:31:30 CDT 2019] v2 chain.
    [Tue Oct  1 00:31:30 CDT 2019] The intermediate CA cert is in  /root/.acme.sh/k.org/ca.cer
    [Tue Oct  1 00:31:30 CDT 2019] And the full chain certs is there:  /root/.acme.sh/k.org/fullchain.cer
    [Tue Oct  1 00:31:30 CDT 2019] Installing cert to:/root/.acme.sh/k.org/k.org.cer
    [Tue Oct  1 00:31:30 CDT 2019] Return code: 1
    [Tue Oct  1 00:31:30 CDT 2019] Error renew k.org.
    [Tue Oct  1 00:31:30 CDT 2019] _error_level='1'
    [Tue Oct  1 00:31:30 CDT 2019] _set_level='2'
    [Tue Oct  1 00:31:30 CDT 2019] The NOTIFY_HOOK is empty, just return.
    [Tue Oct  1 00:31:30 CDT 2019] ===End cron===
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    6:59 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  3. fly

    fly New Member

    7
    0
    1
    Jul 27, 2019
    Ratings:
    +1
    Local Time:
    3:59 PM
    Okay, I'll make sure that everything gets updated.

    What would be the best way to test this cert update + reload?