Just don't create a file called -rf. :-) -- Larry Wall in <11393@jpl-devvax.JPL.NASA.GOV>

rocksolid / Linux / nginx and letsencrypt

Subject: nginx and letsencrypt
From: Retro Guy
Newsgroups: rocksolid.shared.linux
Organization: novaBBS
Date: Sat, 3 Oct 2020 12:05 UTC

Path: i2pn2.org!.POSTED!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.linux
Subject: nginx and letsencrypt
Date: Sat, 3 Oct 2020 12:05:34 +0000
Organization: novaBBS
Message-ID: <3e009e785256376aac2bfce570c04235$1@www.novabbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="16753"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Rslight-Site: $2y$10$L5iGmNzg6HQQlBhXw5P0IOOSQRAMeQWEC1cj7OTukHzJJdHbUs1Sa

View all headers

I noticed something a few days ago when visiting one of my sites and my browser said the cert was expired.

I checked the cert with certbot, which said it was not expired (recently renewed). Then checked remotely with openssl, which said it's expired. I verified that nginx was configured properly to use the correct cert, then finally restarted nginx, which solved the issue.

So I'm assuming that nginx reloads the cert at some interval, but not each connection (which makes sense). The cert had expired within a few hours of me getting the expired message, but had already been renewed. I've never noticed this with my sites since I probably haven't just happened to visit at just the right time.

Anyone else noticed this, or know how often nginx checks the cert?

Retro Guy

--
Posted on: novaBBS
www.novabbs.com

Subject	Author
nginx and letsencrypt	Retro Guy