Closed nosovk closed 5 years ago
Hi, https is being used. Unfortunately, automatic cert renewal is not set up. If you know how to set up renewal, please share. I've tried sending SIGHUP signal to nginx to no avail. It looks like some browser caching is involved. I needed to restart nginx completely so that the new certificate is picked up.
Here's the cert renewal script:
As you can see, it runs every 24h. New certificates are issued. The problem is that nginx doesn't pick them up automatically.
Probably some nginx wrapper is needed to track file changes and restart the nginx process. Or maybe some docker in docker container which will talk to the docker daemon and restart the nginx container. Or just a simple cron job. None of the solutions seem nice. Ideally, nginx should pick up new certs automatically.
I'm thinking of switching to traefik: https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
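The "simple cron job" option discussed above, as an added example (not the script from this repository or its commit): it triggers a reload only when the certificate file's SHA-256 digest has changed since the last run. The default paths, the state file and `RELOAD_CMD` are assumptions; because the post reports that a signal-based reload was not enough, `RELOAD_CMD` can be set to a full restart of the nginx process or container instead.

```shell
#!/bin/sh
# Added example: reload nginx only when the certificate on disk has changed.
# CERT, STATE and RELOAD_CMD defaults are assumptions; override via environment.
CERT="${CERT:-/etc/letsencrypt/live/example.org/fullchain.pem}"
STATE="${STATE:-/var/run/nginx-cert.sha256}"
RELOAD_CMD="${RELOAD_CMD:-nginx -s reload}"

# Print the SHA-256 digest of a file (symlinks are followed, so this also
# works when the certificate path is a symlink to the latest issued file).
cert_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return codes: 0 = changed and reloaded, 1 = unchanged,
#               2 = certificate missing/unreadable, 3 = reload command failed.
reload_if_cert_changed() {
    cert_path=$1
    state_path=$2
    if [ ! -s "$cert_path" ]; then
        echo "certificate missing or empty: $cert_path" >&2
        return 2
    fi
    new_digest=$(cert_digest "$cert_path") || return 2
    # No state file yet means first run: treated as "changed".
    old_digest=$(cat "$state_path" 2>/dev/null || true)
    if [ "$new_digest" = "$old_digest" ]; then
        return 1
    fi
    # Intentionally unquoted so a command with arguments is split into words.
    $RELOAD_CMD || return 3
    # Record the digest only after a successful reload, so a failed
    # reload is retried on the next run.
    printf '%s\n' "$new_digest" > "$state_path"
    return 0
}

# Run the check when called as: script.sh --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then
    reload_if_cert_changed "$CERT" "$STATE"
fi
```

Scheduling it shortly after the renewal job keeps the window in which nginx serves the old certificate small.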
We are currently moving to traefik too. We used that one before - https://github.com/jwilder/nginx-proxy It works out of the box.
Switched to using this simple script:
Hope it works
https://github.com/datagovua/edrpou-operations/commit/a110ecb9c1f7de58f5561324b432882b607b542a
Please add https at edr.data-gov-ua.org. It's easy to obtain a letsencrypt certificate. If you use docker to run it - I can help to rewrite it for proper certificate issuing.