Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Just don't create a file called -rf. :-) -- Larry Wall in <11393@jpl-devvax.JPL.NASA.GOV>

rocksolid / Linux / nginx and letsencrypt

o nginx and letsencryptRetro Guy

Subject: nginx and letsencrypt
From: Retro Guy
Newsgroups: rocksolid.shared.linux
Organization: novaBBS
Date: Sat, 3 Oct 2020 12:05 UTC
From: (Retro Guy)
Newsgroups: rocksolid.shared.linux
Subject: nginx and letsencrypt
Date: Sat, 3 Oct 2020 12:05:34 +0000
Organization: novaBBS
Message-ID: <3e009e785256376aac2bfce570c04235$>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info:; posting-account="retrobbs1";
logging-data="16753"; mail-complaints-to=""
User-Agent: Rocksolid Light (
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Rslight-Site: $2y$10$L5iGmNzg6HQQlBhXw5P0IOOSQRAMeQWEC1cj7OTukHzJJdHbUs1Sa
View all headers
I noticed something a few days ago when visiting one of my sites and my browser said the cert was expired.

I checked the cert with certbot, which said it was not expired (recently renewed). Then checked remotely with openssl, which said it's expired. I verified that nginx was configured properly to use the correct cert, then finally restarted nginx, which solved the issue.

So I'm assuming that nginx reloads the cert at some interval, but not each connection (which makes sense). The cert had expired within a few hours of me getting the expired message, but had already been renewed. I've never noticed this with my sites since I probably haven't just happened to visit at just the right time.

Anyone else noticed this, or know how often nginx checks the cert?

Retro Guy

Posted on: novaBBS

rocksolid light 0.7.2