reverseproxy: simplify certificate renewal

An issue was that mail container was not getting refreshed with the up to date certs. The root cause is that it is refreshed only in the renewCerts() cron job. If cert renewal was caused by an app task, then the cron job will skip the restart (since cert is fresh). The other issue is that we keep hitting 0 length certs when we run out of disk space. The root cause is that when out of disk space, a cert renewal will cause cert to be written but since it has no space it is 0 length. Then, when the user tries to restart the server, the box code does not write the cert again. This change fixes the above two including: * To simplify, we use the fallback cert only if we failed to get a LE cert. Expired LE certs will continue to be used. nginx is fine with this. * restart directory as well on renewal
2022-11-11 18:09:10 +01:00
parent f917eb8f13
commit 9c8f78a059
8 changed files with 216 additions and 162 deletions
--- a/src/scripts/restartservice.sh
+++ b/src/scripts/restartservice.sh
@@ -25,7 +25,11 @@ if [[ "${service}" == "unbound" ]]; then
    unbound-anchor -a /var/lib/unbound/root.key
    systemctl restart --no-block unbound
 elif [[ "${service}" == "nginx" ]]; then
-    nginx -s reload
+    if systemctl -q is-active nginx; then
+        nginx -s reload
+    else
+        systemctl restart --no-block nginx
+    fi
 elif [[ "${service}" == "docker" ]]; then
    systemctl restart --no-block docker
 elif [[ "${service}" == "collectd" ]]; then