Renew letsencrypt certificate on Apache httpd

To get httpd to notice the new certificates you need to request that it do a "graceful restart". From the docs :

The USR1 or graceful signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything). The parent re-reads its configuration files and re-opens its log files. As each child dies off the parent replaces it with a child from the new generation of the configuration, which begins serving new requests immediately.

As such a graceful restart won't cause downtime.

In order to get letsencrypt/certbot to trigger a graceful restart use the --post-hook argument. This argument will run a command once if any cert renewal was attempted. From the docs:

Command to be run in a shell after attempting to obtain/renew certificates. Can be used to deploy renewed certificates, or to restart any servers that were stopped by --pre-hook. This is only run if an attempt was made to obtain/renew a certificate. (default: None)

So the command you would want is

certbot renew --post-hook "apachectl graceful"

or if run from a cron job

certbot renew --quiet --post-hook "apachectl graceful"

(Thanks to @RustyX for help with this answer)

Related videos on Youtube

04 : 10

Install SSL Certificates in Apache 2.x (httpd) on RHEL 8 / CentOS

Borroms Tech Blog

965

08 : 26

HTTPS / SSL via “Let’s Encrypt” on an Apache Web Server

Code with Susan

90

06 : 03

Free SSL Certificate with Let's Encrypt & Installation with CertBot on Apache Webserver

Astral Web Inc.

42

04 : 23

How to Setup Auto-Renew for Let’s Encrypt SSL Certificates (Apache)

One Page Zen

39

06 : 56

How To Renew Your Let's Encrypt SSL Certificate AUTOMATICALLY (with crontab)

Tony Teaches Tech

22

08 : 14

lets encrypt apache with auto renew

Michika Iranga Perera

6

10 : 40

HTTPS Certificates from Let's Encrypt via SSLforFree on Apache httpd in FreeBSD 11.2 - Wildcard DNS

曾傑民

1

Author by

rustyx

Updated on September 18, 2022