Acme.sh not reloading WS on renew #12

Closed
opened 2021-03-11 11:21:40 +01:00 by bprieshof · 3 comments
bprieshof commented 2021-03-11 11:21:40 +01:00 (Migrated from 192.168.2.138:3000)

Problem

Nginx did not reload after renew, resulting in nginx presenting the user with an invalid Cert.

Solution

  • Add install-cert command

```
acme.sh --install-cert -d example.com \
  --cert-file /etc/acmesh/ActiveCerts/<DomainName>/cert.pem \
  --key-file /etc/acmesh/ActiveCerts/<DomainName>/key.pem \
  --fullchain-file /etc/acmesh/ActiveCerts/<DomainName>/fullchain.pem \
  --reloadcmd "service <WS> force-reload"
```

  • Set WS to use the ActiveCerts folder for its certs
  • Backport change to existing servers
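A check for the failure described in this issue, where the web server keeps presenting the old certificate after acme.sh renews it: compare the fingerprint of the certificate on disk with the one the server presents over TLS. This is an added example, not part of the original issue or the repository's scripts; the function names are hypothetical, and it assumes the `openssl` CLI and the `ActiveCerts` layout from the comment above.

```shell
#!/usr/bin/env bash
# Added example: detect a web server that still serves the pre-renewal
# certificate because it was not reloaded. Function names are hypothetical.

# SHA-256 fingerprint of the first certificate in a PEM file on disk.
disk_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate the server presents over TLS.
served_fingerprint() {
    local host="$1" port="${2:-443}"
    openssl s_client -connect "${host}:${port}" -servername "$host" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Returns 0 if both fingerprints match, 1 if they differ (stale certificate
# still loaded by the server), 2 if either one could not be read.
compare_fingerprints() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# check_domain <domain> <cert.pem> [port]: prints a verdict, returns as above.
check_domain() {
    local domain="$1" cert="$2" port="${3:-443}" disk served rc=0
    disk=$(disk_fingerprint "$cert")
    served=$(served_fingerprint "$domain" "$port")
    compare_fingerprints "$disk" "$served" || rc=$?
    case "$rc" in
        0) echo "OK    $domain serves the certificate in $cert" ;;
        1) echo "STALE $domain serves $served but disk has $disk" ;;
        *) echo "ERROR $domain: could not read one of the certificates" ;;
    esac
    return "$rc"
}

# Usage, with the layout from the comment above:
#   check_domain example.com /etc/acmesh/ActiveCerts/example.com/cert.pem
```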
bprieshof commented 2021-03-24 14:49:50 +01:00 (Migrated from 192.168.2.138:3000)

Wrote HotFix Script for existing servers,
Expected rollout to affected servers before Week 14

Script was written to test the solution for this bug
Current priority is implementation of permanent solution, ETA: Friday of week 12

Run for each domain (excluding www.*):

```
bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/attachments/4078f3a5-7f5e-4a15-bf4d-b3f3e4f22fa3)
```

Run once for Backend

```
bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/attachments/59ad785c-20d3-444c-838e-2fe44951efb8)
```
bprieshof commented 2021-03-25 15:38:18 +01:00 (Migrated from 192.168.2.138:3000)

Fix implemented and tested
Tested on an EL8 and a Deb Platform with Apache and NGINX

So for new servers consider this issue Closed

Next step is to roll out the HotFix to existing Web-V2 servers, target is still before Week 14

bprieshof commented 2021-03-31 14:22:22 +02:00 (Migrated from 192.168.2.138:3000)
  • Fix rolled out to affected servers
Reference: Work_Archive/VPS-scripts_Web-V2#12