novaBBS - rocksolid.shared.linux - nginx and letsencrypt

nginx and letsencrypt

rocksolid.shared.linux

Path: i2pn2.org!.POSTED!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.linux
Subject: nginx and letsencrypt
Date: Sat, 3 Oct 2020 12:05:34 +0000
Organization: novaBBS
Message-ID: <3e009e785256376aac2bfce570c04235$1@www.novabbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="16753"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Rslight-Site: $2y$10$L5iGmNzg6HQQlBhXw5P0IOOSQRAMeQWEC1cj7OTukHzJJdHbUs1Sa
Xref: rslight rocksolid.shared.linux:72

by: Retro Guy - Sat, 3 Oct 2020 12:05 UTC

I noticed something a few days ago when visiting one of my sites and my browser
said the cert was expired.

I checked the cert with certbot, which said it was not expired (recently
renewed). Then checked remotely with openssl, which said it's expired. I
verified that nginx was configured properly to use the correct cert, then
finally restarted nginx, which solved the issue.

So I'm assuming that nginx reloads the cert at some interval, but not each
connection (which makes sense). The cert had expired within a few hours of me
getting the expired message, but had already been renewed. I've never noticed
this with my sites since I probably haven't just happened to visit at just the
right time.

Anyone else noticed this, or know how often nginx checks the cert?

Retro Guy

--
Posted on: novaBBS
www.novabbs.com

There's enough money here to buy 5000 cans of Noodle-Roni!

rocksolid / Linux / nginx and letsencrypt