Photo by Erica Nilsson on Unsplash (cropped)
Warning: this blog post assumes the following:
- you are running nginx in a Docker container.
- Let’s Encrypt has been configured correctly in the nginx container.
- You are awesome for reading this blog.
The default behaviour of certbot (Let’s Encrypt’s command line tool) is to restart the web server. This isn’t desirable in a live environment, ideally you want your web server to reload it’s configuration. For nginx, this involves sending a signal to the process, in this case it’s
But how can you tell that your certificates have been renewed?
The recommended way by NGINX (the organisation rather than the web server) is to check the PIDs (Process Ids) before triggering nginx to reload the configuration.
docker top <NGINX_CONTAINER_ID> axw -o pid,ppid,command | egrep '(nginx|PID)' PID PPID COMMAND 2089 31208 tail -f /var/log/nginx/access.log 3509 31222 nginx: worker process 31222 31208 nginx: master process nginx -g daemon off;
The PID you want to observe is nginx worker process (COMMAND) which is in this example is 3509.
Pro-tip: You can pass
docker top subcommand
ps flags? Neat huh?
Now let’s send a
HUP signal to the container to force nginx to reload the configuration:
docker kill —signal HUP <NGINX_CONTAINER_ID>
Then re-check PIDs
docker top <NGINX_CONTAINER_ID> axw -o pid,ppid,command | egrep '(nginx|PID)' PID PPID COMMAND 2089 31208 tail -f /var/log/nginx/access.log 3643 31222 nginx: worker process 31222 31208 nginx: master process nginx -g daemon off;
The PID of the nginx worker process has now changed to 3643!
It is a well-known fact that all human beings are different and unique in their ways. However, no matter how unique and different we are from one another, one thing which remains the same between all of us is our innate nature to commit mistakes.