Try SSL renewal more frequently and reload later
It doesn't hurt to attempt renewal more frequently, as it only does real work if it's actually necessary.

Reloading, we postpone some more, because certbot adds some random delay (between 1 and 8 * 60 seconds) when renewing. We want to ensure we reload at least 8 minutes later, which wasn't the case.

To make it even safer (in case future certbot versions use a longer delay), we reload a whole hour later. We're in no rush to start using the new certificates anyway, especially given that we attempt renewal often.

Somewhat fixes #146 (GitHub Issue)
parent 892abdc700
commit ec0f936227
@ -69,7 +69,7 @@
|
|||||||
state: present
|
state: present
|
||||||
hour: 4
|
hour: 4
|
||||||
minute: 15
|
minute: 15
|
||||||
day: "*/5"
|
day: "*"
|
||||||
job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
||||||
|
|
||||||
- name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
|
- name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
|
||||||
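Review bot: The renew schedule (`hour: 4`, `minute: 15`, now `day: "*"`) carries no inline comment tying it to the reload task that follows, so the required gap between the two jobs is documented only in the commit message. Add a short YAML comment above this cron entry stating that the matrix-nginx-proxy-reload job must run later than certbot's random renewal delay, or move both times into variables so that a later edit to one schedule cannot silently put the reload ahead of the renewal again. Also note that with a fixed 04:15 every host deployed from this playbook contacts the CA at the same wall-clock time each day, with only certbot's own delay spreading the requests; a per-host minute offset would distribute that load.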
@ -78,9 +78,9 @@
|
|||||||
cron_file: matrix-ssl-lets-encrypt
|
cron_file: matrix-ssl-lets-encrypt
|
||||||
name: matrix-nginx-proxy-reload
|
name: matrix-nginx-proxy-reload
|
||||||
state: present
|
state: present
|
||||||
hour: 4
|
hour: 5
|
||||||
minute: 20
|
minute: 20
|
||||||
day: "*/5"
|
day: "*"
|
||||||
job: /bin/systemctl reload matrix-nginx-proxy.service
|
job: /bin/systemctl reload matrix-nginx-proxy.service
|
||||||
when: matrix_nginx_proxy_enabled
|
when: matrix_nginx_proxy_enabled
|
||||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||||
|
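Review bot: The reload at `hour: 5`, `minute: 20` stays purely time-based, so with `day: "*"` nginx is now reloaded every day whether or not a certificate changed, and nothing here checks that the 04:15 renewal finished or succeeded. Consider triggering `/bin/systemctl reload matrix-nginx-proxy.service` from the renew script only when a certificate was actually replaced (certbot provides `--deploy-hook` for this, if it is usable in the way the script runs certbot), which removes the dependency on guessing certbot's delay. If the cron-based reload is kept, a comment next to `hour: 5` explaining that the 65-minute gap is deliberate would stop someone from "tidying" it back to 4:20.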