DEV Community

Discussion on: Let's Encrypt Server Certificate via DNS Challenge

cpu profile image
Daniel McCarney

Hi Michael,

Great post! I can suggest one small improvement if you're interested :-)

# every Monday at 2:35am
35 2 * * 1 service apache2 restart >> /var/log/letsencrypt/le-apache2-reload.log

Instead of unconditionally restarting apache2 weekly you could do two things:

  1. Using service apache2 reload instead of restart will reduce your downtime but still let Apache pick up certificates that have changed on disk.
  2. You can avoid the apache2 restart cron entry all together and use Certbot's --deploy-hook feature of the renew command.

Adding --deploy-hook "service apache2 reload" to your Certbot renew crontab will ensure Apache2 is gracefully reloaded only when a certificate is actually renewed.

Hope that helps!

michaeldscherr profile image
Michael Scherr Author • Edited on

Thanks for the suggestion, I didn't know about that flag. That definitely seems like the way to go.

I updated the post with your code example.