From 899eca5f024f22b67aa032dd82aa4393b60b85e4 Mon Sep 17 00:00:00 2001 From: Dmitry Ilvokhin Date: Sun, 14 Apr 2024 19:27:14 +0100 Subject: Make certificate updates work for nginx Currently, we obtain certificates from Let's Encrypt with standalone mode, so when we do renew, certbot tries to run it is own webserver on port 80, but this port is already in use by nginx. Stop nginx, before renewal. This is quite hacky, but should work. Proper solution is to split certificate role by standalone and non-standalone versions. --- roles/nginx/files/hooks/deploy/nginx.sh | 3 +++ roles/nginx/files/hooks/post/nginx.sh | 3 +++ roles/nginx/files/hooks/pre/nginx.sh | 3 +++ roles/nginx/files/nginx.sh | 3 --- 4 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 roles/nginx/files/hooks/deploy/nginx.sh create mode 100644 roles/nginx/files/hooks/post/nginx.sh create mode 100644 roles/nginx/files/hooks/pre/nginx.sh delete mode 100644 roles/nginx/files/nginx.sh (limited to 'roles/nginx/files') diff --git a/roles/nginx/files/hooks/deploy/nginx.sh b/roles/nginx/files/hooks/deploy/nginx.sh new file mode 100644 index 0000000..ca022f8 --- /dev/null +++ b/roles/nginx/files/hooks/deploy/nginx.sh @@ -0,0 +1,3 @@ +#! /bin/sh + +systemctl reload nginx diff --git a/roles/nginx/files/hooks/post/nginx.sh b/roles/nginx/files/hooks/post/nginx.sh new file mode 100644 index 0000000..84e871d --- /dev/null +++ b/roles/nginx/files/hooks/post/nginx.sh @@ -0,0 +1,3 @@ +#! /bin/sh + +systemctl start nginx diff --git a/roles/nginx/files/hooks/pre/nginx.sh b/roles/nginx/files/hooks/pre/nginx.sh new file mode 100644 index 0000000..91b7633 --- /dev/null +++ b/roles/nginx/files/hooks/pre/nginx.sh @@ -0,0 +1,3 @@ +#! /bin/sh + +systemctl stop nginx diff --git a/roles/nginx/files/nginx.sh b/roles/nginx/files/nginx.sh deleted file mode 100644 index ca022f8..0000000 --- a/roles/nginx/files/nginx.sh +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/sh - -systemctl reload nginx -- cgit v1.2.3-70-g09d2