Seems like fwconsole certificates --updateall returns 0, even if it does not do update certs (as certificates are still valid).
I would suggest comparing cert fingerprint before and after update, and also restarting freepbx (for those who use ucp and port 8089. Port 8003 seems to update with apache restart):
if [ "$LETSENCRYPT_ENABLED" == "true" ]; then
FNGR_OLD=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint)
fwconsole certificates --updateall -q
FNGR_NEW=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint)
if [ "$FNGR_OLD" != "$FNGR_NEW" ]; then
supervisorctl restart httpd 1>/dev/null
fwconsole restart
fi
fi
Also there could be a problem if there is cert update asterisk cron job, as if it updates cert before your job, then services will not be restarted.
Hi Ugo,
Seems like fwconsole certificates --updateall returns 0, even if it does not do update certs (as certificates are still valid).
I would suggest comparing cert fingerprint before and after update, and also restarting freepbx (for those who use ucp and port 8089. Port 8003 seems to update with apache restart):
if [ "$LETSENCRYPT_ENABLED" == "true" ]; then FNGR_OLD=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint) fwconsole certificates --updateall -q FNGR_NEW=$(openssl x509 -in /etc/asterisk/keys/$APP_FQDN.crt -noout -fingerprint) if [ "$FNGR_OLD" != "$FNGR_NEW" ]; then supervisorctl restart httpd 1>/dev/null fwconsole restart fi fi
Also there could be a problem if there is cert update asterisk cron job, as if it updates cert before your job, then services will not be restarted.