ugoviti
commented
3 years ago Good suggestion Alenas... pushed 8dc429b98c053f649499b113edfff597f75405f1 right now
Closed alenas closed 3 years ago
ugoviti
commented
3 years ago Good suggestion Alenas... pushed 8dc429b98c053f649499b113edfff597f75405f1 right now
ugoviti
commented
3 years ago
Hi Ugo,
Seems like fwconsole certificates --updateall returns 0, even if it does not do update certs (as certificates are still valid).
I would suggest comparing cert fingerprint before and after update, and also restarting freepbx (for those who use ucp and port 8089. Port 8003 seems to update with apache restart):
if [ "$LETSENCRYPT_ENABLED" == "true" ]; then FNGR_OLD=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint) fwconsole certificates --updateall -q FNGR_NEW=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint) if [ "$FNGR_OLD" != "$FNGR_NEW" ]; then supervisorctl restart httpd 1>/dev/null fwconsole restart fi fi
Also there could be a problem if there is cert update asterisk cron job, as if it updates cert before your job, then services will not be restarted.