diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml
index da4e71d09..827d146a1 100644
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -73,6 +73,9 @@ matrix_riot_web_enabled: true
 # and take care of proxying by yourself.
 matrix_nginx_proxy_enabled: true
 
+# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
+matrix_ssl_renew_cron_time_definition: "15 4 */5 * *"
+
 # Specifies when to reload the matrix-nginx-proxy service so that
-# a new SSL certificate could go into effect (UTC time).
-matrix_nginx_proxy_reload_cron_time_definition: "15 4 3 * *"
\ No newline at end of file
+# a new SSL certificate could go into effect.
+matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
\ No newline at end of file
diff --git a/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2 b/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
index 999e7c859..42b7a71a0 100644
--- a/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
+++ b/roles/matrix-server/templates/cron.d/matrix-ssl-certificate-renewal.j2
@@ -21,4 +21,4 @@ MAILTO="{{ matrix_ssl_support_email }}"
 # When a custom proxy server (not matrix-nginx-proxy provided by this playbook),
 # you'd need to make sure you alias these files correctly or SSL renewal would not work.
 
-15 4 */5 * * root /usr/bin/docker run --rm --net=host -v {{ matrix_ssl_certs_path }}:/certs -v {{ matrix_ssl_certs_path }}/run:/var/run/acme -e ACME_EMAIL={{ matrix_ssl_support_email }} willwill/acme-docker acmetool --batch reconcile # --xlog.severity=debug
+{{ matrix_ssl_renew_cron_time_definition }} root /usr/bin/docker run --rm --net=host -v {{ matrix_ssl_certs_path }}:/certs -v {{ matrix_ssl_certs_path }}/run:/var/run/acme -e ACME_EMAIL={{ matrix_ssl_support_email }} willwill/acme-docker acmetool --batch reconcile # --xlog.severity=debug
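Review bot: The new defaults schedule the nginx reload (`20 4 */5 * *`) only five minutes after the renewal (`15 4 */5 * *`), and nothing ties the two variables together, so overriding one of them can silently move the reload ahead of the renewal. If a renewal run ever takes longer than that margin (how long the image start and ACME exchange take is not visible here), the reload would fire too early and the renewed certificate would not be served until the next cycle. The comment above `matrix_nginx_proxy_reload_cron_time_definition` should state the dependency, e.g. `# Must run after matrix_ssl_renew_cron_time_definition, with enough margin for the renewal to finish.` Dropping "(UTC time)" also leaves the timezone unstated; a short `# Evaluated in the host's cron timezone.` would remove the ambiguity.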
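Review bot: The rewritten cron line still runs `willwill/acme-docker` with no tag or digest, so it resolves to the mutable `latest` tag while executing from a root cron entry with `--net=host` and write access to `{{ matrix_ssl_certs_path }}`, which presumably holds the certificate private keys. Pinning the image, e.g. `willwill/acme-docker@sha256:<pinned-digest>` (placeholder, ideally exposed as a role variable), would make the code that touches those keys reviewable and reproducible across hosts. Separately, `{{ matrix_ssl_renew_cron_time_definition }}` is now written into the cron.d file verbatim, so the default should be documented as a single-line, five-field schedule; a malformed override would likely stop renewals without any error at deploy time.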