engintron / engintron

Engintron for cPanel/WHM is the easiest way to integrate Nginx on your cPanel/WHM server. Engintron will improve the performance & web serving capacity of your server, while reducing CPU/RAM load at the same time, by installing & configuring the popular Nginx webserver to act as a reverse caching proxy in front of Apache.
https://engintron.com
GNU General Public License v2.0

Cache - New SSL certificates #1455

Open faca5 opened 11 months ago

faca5 commented 11 months ago

Hello.

The latest version of Engintron, v2.1, has a problem reloading new SSL certificates.

Example:

  1. Visit website https://www.example.com with
  2. Valid SSL certificate expires
  3. New SSL certificate installed
  4. Visit website https://www.example.com

You get an error: invalid/expired SSL certificate.

You need to manually press "Flush Cache" in "Engintron" to make the site work again. Engintron doesn't reload the new SSL certificate once it is replaced because it has the old state in cache.

sskafandri commented 10 months ago

Hello, I have the same issue. Did anyone find a solution?

faca5 commented 10 months ago

We have added a cron job for "purgecache" every day.

Please check #570 and #566 for more information.

Thank you.

sskafandri commented 10 months ago

Thank you, faca5, for your help. I will try it and see if it fixes this issue. By the way, I found that I need to restart nginx manually every time an SSL certificate is renewed to fix the invalid/expired SSL certificate issue.

faca5 commented 10 months ago

What does "purgecache"?

Set the cron job for night time or early morning to avoid downtime for a few seconds.

sskafandri commented 10 months ago

OK, thank you so much.

sskafandri commented 10 months ago

I did some research and found that cPanel has a specific cron job for autossl; it's located at /etc/cron.d/cpanel_autossl. My idea is to add an nginx reload command to the end of the cron job so that every time cPanel renews SSL it will reload nginx; this way I will be sure that nginx always loads the renewed SSL. I added " && /usr/sbin/nginx -s reload" to the end of the cron job line, so it becomes like this:

53 0,3,6,9,12,15,18,21 * * * root /usr/local/cpanel/bin/autossl_check --all && /usr/sbin/nginx -s reload

You can test it and let me know your feedback.

jhawkins002 commented 5 months ago

Writing in with our experience. In the last month we have deployed 2 new cPanel servers and they both present this issue. None of the fixes mentioned in this thread or the related report 1445 fix the problem. We're just going to have to pull Engintron from production for now which will present its own headaches but we look forward to monitoring the conversation here to see what other feedback comes around.

pgrandmaison commented 1 month ago

I have experienced this issue for years as well on CloudLinux 7 and CloudLinux 8. My only solution has been to add a cron job to reload nginx. There's something that isn't working correctly with the script that is running in the background, "/etc/nginx/utilities/https_vhosts.sh".
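
The workaround in the comments above is an unconditional `nginx -s reload` from cron. The script below is an added example, not Engintron's or any commenter's code: it reloads only when the certificate nginx serves differs from the one on disk and the configuration passes `nginx -t`. The hostname, certificate path and function names are assumptions.

```shell
#!/bin/sh
# Added example (not Engintron code): detect a stale certificate held by nginx
# and reload only then. HOST and the PEM path are supplied by the caller.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
disk_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate served locally for SNI name $1.
served_fp() {
  openssl s_client -connect "127.0.0.1:${2:-443}" -servername "$1" \
      </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare two fingerprints: prints "ok", "stale" or "unknown".
compare_fp() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo unknown
  elif [ "$1" = "$2" ]; then
    echo ok
  else
    echo stale
  fi
}

# Check one vhost; reload only if stale and the config test succeeds.
check_and_reload() {
  cr_state=$(compare_fp "$(served_fp "$1")" "$(disk_fp "$2")")
  case "$cr_state" in
    ok)
      echo "$1: served certificate matches $2" ;;
    stale)
      echo "$1: nginx is serving an old certificate, reloading"
      /usr/sbin/nginx -t -q && /usr/sbin/nginx -s reload ;;
    *)
      # A missing fingerprint is reported, never treated as a reason to reload.
      echo "$1: could not read a fingerprint, not reloading" >&2
      return 2 ;;
  esac
}

# Runs only when invoked as: script.sh --check HOST /path/to/cert.pem
if [ "${1:-}" = "--check" ]; then
  check_and_reload "$2" "$3"
fi
```

Logging the "stale" case also gives a record of how often nginx was left holding an old certificate, which an unconditional reload hides.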