chore(na): nginx restart in certbot cronjob#2114
Conversation
mrjones-plip
changed the title
|
@1yuv would you be available to review this small PR? Thanks! |
There was a problem hiding this comment.
Pull request overview
Updates the TLS/Certbot hosting documentation to ensure nginx reloads after automated certificate renewal so renewed certs are actually picked up by the running nginx container.
Changes:
- Extend the documented certbot cronjob to reload nginx after running certbot.
- Add clarification to verify the nginx container name (
cht_nginx_1) before using the cronjob command.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
1yuv
left a comment
1yuv
left a comment
There was a problem hiding this comment.
Hi @mrjones-plip , I tagged @copilot to review and there are some good points that need to address.
|
Thanks for the review @1yuv! This PR does not mention anything about renewing daily. Indeed, the line Can you confirm you tested all the suggested copilot changes in an environment with a public IP and DNS entry to ensure the |
First line of this PR description has this
That's why Copilot was suggesting
I did not test the copilot suggestions. When I checked them, they appeard like only an enhancement to the commands you used. If you saw anything misleading, please discard the suggestion. |
|
Ah - I see that now - thanks for taking a second to call it out. I thought it had hallucinated - I'm sorry for my confusion! I've updated my PR description and given comments on the PR feedback |
github-project-automation
Bot
moved this from 💻 In Progress
to 🚀 Done
in CHT Stewardship Activities Q1 2026
Description
Our TLS docs have certbot attempt to renew the cert, but it does not restart
nginx. This means new certs won't get loaded.This PR adds an
nginxreload call to the cronjob.this issue was discovered in a Medic production instance (see private ticket)
License
The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.