Https Certbot Certificate is renewed, but connection not secure till you restart nginx

Question

My domain was showing as not secure on google chrome.

I logged as root to my server ran this command:

certbot certificates

It produced this output: The certbot cerificate was valid.

Found the following certificates:
Certificate Name: xyz.com
Domains: xyz.com www.xyz.com
Expiry date: 2022-01-14 (valid: 58 days)
Certificate path: /etc/letsencrypt/live/xyz.com/fullchain.pem
Private key path: ....

However, the website was showing as NOT secure.

After this I ran :

sudo systemctl restart nginx

Then the website became secure.

What can I do so that I do not need to restart nginx everytime the certificate renews?

I am using Nginx 1.14.0 on ubuntu 18.04.5 The version of my client is : certbot 0.31.0

score 14 · Answer 1 · answered Nov 17 '21 at 10:50

You do not need to restart Nginx, but you do need to tell Nginx that the certificate has changed so that it can reload it. Using nginx -s reload (and probably sudo systemctl reload nginx would work too).

This can be combined with the certbot renewal command, for example:

certbot renew --post-hook "nginx -s reload"

Https Certbot Certificate is renewed, but connection not secure till you restart nginx

1 Answers1