How do I reload Nginx after SSL renewal?
Set up a deploy hook: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx', make it executable. Or run 'sudo certbot renew --deploy-hook "systemctl reload nginx"'. The deploy hook runs automatically after each successful renewal.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Nginx SSL Certificate Renewal and Updates Let's Encrypt Auto-Renewal
Certbot sets up a systemd timer that runs 'certbot renew' twice daily. When a certificate is within 30 days of expiry, it renews automatically. Set up a deploy hook to reload Nginx: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx'. Test with certbot renew --dry-run.
Run sudo certbot renew --dry-run. This simulates the renewal process without actually renewing. If it succeeds, auto-renewal is working. If it fails, check the error message common issues are port 80 not accessible or Nginx config errors.
Run 'sudo certbot certificates' to see all certificates with expiry dates. Or use 'echo | openssl s_client -connect yourdomain.com:443 | openssl x509 -noout -dates' to check a specific domain. Set up a cron job to alert when certificates are within 30 days of expiry.
Still have questions?
Browse all our FAQs or reach out to our support team
