Dashboard down upon certificate renewel

[davidye007]

Certbot auto-renewed the certificate for trailtrends.outdoor.org on 1/15/2025. The expiration date for the certificate is 2/13/2025. Certbot auto-renews the certificate when there is less than 30 days before certificate expiry.

Once the certificate is renewed, the user nginx no longer has read access to the renewed certificate.

A temporary fix is manually changing the folder permission with the following command:

1. sudo chmod 644 /etc/letsencrypt/archive/trailtrends.outdoorrd.org/*

or

2. sudo chmod 644 /etc/letsencrypt/live/trailtrends.outdoorrd.org/*.pem

A permanent solution would allow nginx to having access to Certbot renewed certificates without manual intervention.

[davidye007]

Check out Slack thread for history/background on this issue.

[davidye007]

Added chmod 644 /etc/letsencrypt/live/trailtrends.outdoorrd.org/*.pem to /etc/letsencrypt/renewal-hooks/post/start-services.sh. The post script runs once the renewal is complete. This should give the user nginx read access to the renewed certificate, and keep the dashboard running with no manual intervention.

The next expiration date is 2025-4-14, so the next auto-renewal will happen around 2024-03-14 (one month earlier). We shall keep an eye out for the next certificate renewal process.