Updating certs does not seem to work

[pagism]

The default template deployment is generating temporary certs for lb-myapp....cloudapp.azure.com.

Documentation states that cert update an be copied to the following files to be ready immediately:

/moodle/certs/nginx.key: Your certificate's private key
/moodle/certs/nginx.crt: Your combined signed certificate and trust chain certificate(s).

I've replaced nginx.key and nginx.crt with the new ones, but the site is still using the old ones, is there any other way to update the key and certificate?

thanks

[SorraTheOrc]

The documentation also states you need to restart the web frontend for the certs to be updated. Did you take this step?

---

From: pagism notifications@github.com Sent: Wednesday, March 3, 2021 12:01 PM To: Azure/Moodle Moodle@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [Azure/Moodle] Updating certs does not seem to work (#239)

The default template deployment is generating temporary certs for lb-myapp....cloudapp.azure.com.

Documentation states that cert update an be copied to the following files to be ready immediately:

/moodle/certs/nginx.key: Your certificate's private key /moodle/certs/nginx.crt: Your combined signed certificate and trust chain certificate(s).

I've replaced nginx.key and nginx.crt with the new ones, but the site is still using the old ones, is there any other way to update the key and certificate?

thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FMoodle%2Fissues%2F239&data=04%7C01%7Cross.gardler%40microsoft.com%7C50b2c6ac4a704d5fbbd108d8de7f3324%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503985185981712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=jylDjRbfg4UxrfN1e6B%2B%2BTsY1ms06YnZ9nsqBgfv27M%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAB5DABGNT24MGHQDOLBFMTTB2ITJANCNFSM4YR4F3VA&data=04%7C01%7Cross.gardler%40microsoft.com%7C50b2c6ac4a704d5fbbd108d8de7f3324%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503985185981712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hjgsFkGQTx%2BfE%2B9u%2FQpnifi1Y%2FyokfBYebBblc1%2BFvg%3D&reserved=0.

[pagism]

thank you, it is not clear from documentation to restart the web frontend changing ssl certs

[SorraTheOrc]

Thanks for the point there. I was looking at a different documentation on the SSL topic, which is clear. I'll make a quick edit to the one you link to since you are correct it doesn't say it there. I'll also add link to the more details docs.

---

From: pagism notifications@github.com Sent: Wednesday, March 3, 2021 12:33 PM To: Azure/Moodle Moodle@noreply.github.com Cc: Ross Gardler Ross.Gardler@microsoft.com; Comment comment@noreply.github.com Subject: Re: [Azure/Moodle] Updating certs does not seem to work (#239)

Closed #239https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FMoodle%2Fissues%2F239&data=04%7C01%7Cross.gardler%40microsoft.com%7Cf57c448fee9e4bb6b35508d8de83a076%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504004223617485%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wUEA4BwVjmKgSxJNog779KLQzzqRePKuPYm6guu8a1g%3D&reserved=0.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FMoodle%2Fissues%2F239%23event-4404175722&data=04%7C01%7Cross.gardler%40microsoft.com%7Cf57c448fee9e4bb6b35508d8de83a076%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504004223627442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7ILRg%2BPBB02EZv%2FF8ts0ntBmI96lXwFhqVes9jl0MbU%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAB5DADNGUXX7RGNO25FKYDTB2MKFANCNFSM4YR4F3VA&data=04%7C01%7Cross.gardler%40microsoft.com%7Cf57c448fee9e4bb6b35508d8de83a076%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504004223627442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=XdqJZ4bPbNsc2n07nEOe97CSWl37SNuktKQD%2FoJeegQ%3D&reserved=0.

[pagism]

Thanks for this, what is the best way to restart the web frontend then?

[SorraTheOrc]

Two approached. 1) simply restart the VMs which can be done via the portal. 2) SSH in and restart just the web processes on each machine

If you have more than 1 VM then doing it via portal is safe as fine as it will restart the VMs one after the other rather than all at once and you will not have downtime. The second option is ideal if you only have a single VM as downtime is unavoidable. Restarting just the web service will be faster.

---

From: pagism notifications@github.com Sent: Wednesday, March 3, 2021 2:48 PM To: Azure/Moodle Moodle@noreply.github.com Cc: Ross Gardler Ross.Gardler@microsoft.com; Comment comment@noreply.github.com Subject: Re: [Azure/Moodle] Updating certs does not seem to work (#239)

Thanks for this, what is the best way to restart the web frontend then?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FMoodle%2Fissues%2F239%23issuecomment-790127761&data=04%7C01%7Cross.gardler%40microsoft.com%7Cc8f205b488cc4249119008d8de967859%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504085136673542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=h7JzPxQN6ypjqVmM7xjI3u5xKpO9eQ16KqB7Xo1pEpc%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAB5DACAHOZQQOETNGMIAU3TB24D7ANCNFSM4YR4F3VA&data=04%7C01%7Cross.gardler%40microsoft.com%7Cc8f205b488cc4249119008d8de967859%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504085136673542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=anKwu6qwE%2BiZYQvHd%2Fcb45%2BRzY71TDGqxiFbyhVXrW4%3D&reserved=0.

[pagism]

we are using the maximum template, from the deployment we only have a singe VM which I think is the controller, I can restart nginx there but has no effect, do I have to restart the controller VM from the portal?

[SorraTheOrc]

The web front end is the VM Scale Set (VMSS). See the image in the README for a "boxes and lines" version of how it plugs together.

---

From: pagism notifications@github.com Sent: Wednesday, March 3, 2021 2:59 PM To: Azure/Moodle Moodle@noreply.github.com Cc: Ross Gardler Ross.Gardler@microsoft.com; Comment comment@noreply.github.com Subject: Re: [Azure/Moodle] Updating certs does not seem to work (#239)

we are using the maximum template, from the deployment we only have a singe VM which I think is the controller, I can restart nginx there but has no effect, do I have to restart the controller VM from the portal?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FMoodle%2Fissues%2F239%23issuecomment-790133024&data=04%7C01%7Cross.gardler%40microsoft.com%7C8d92891d492d43b830ef08d8de97f219%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504091473280028%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BfnJWoNXCDYXkptSAvV0yyDD%2FKLCiJYkdFwa6eLv2bk%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAB5DABAP5SNDXBO6TBWSN3TB25LTANCNFSM4YR4F3VA&data=04%7C01%7Cross.gardler%40microsoft.com%7C8d92891d492d43b830ef08d8de97f219%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637504091473280028%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZVEGQpyuBIrXZGFSbsB5sQyS%2FxJ%2FzUyGRL9gQM%2FeZr4%3D&reserved=0.