LS 5.3.6 - letsencrypt cert renews, but lsws keeps serving old cert until graceful restart

#24
Does anyone have any more advice on this?

I have the same issue, also on a DigitalOcean pre-built droplet install. Cert renews but lsws requires a manual restart. A dry run suggests it will run the command but clearly it needs a manual restart.

I've tried 2 different hooks in my cron

Code:
certbot renew -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew  --deploy-hook "/usr/local/lsws/bin/lswsctrl restart"
Code:
certbot renew --deploy-hook "/usr/local/lsws/bin/lswsctrl restart"
Now I'm trying
Code:
certbot renew --deploy-hook "service lsws restart"
I just need some confidence I'm using the right code, as the person's website keeps flagging up a privacy warning.
 

Unique_Eric

Administrator
Staff member
#25
Please check https://docs.litespeedtech.com/cloud/images/wordpress/#how-does-certbots-auto-renew-script-work

In order to use the systemctl command, please run the following commands:

Code:
/usr/local/lsws/bin/lswsctrl stop >/dev/null
systemctl stop lsws >/dev/null
systemctl start lsws >/dev/null

and keep your cronjob as follows:
Code:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook "systemctl restart lsws"
 
#26
Eric thank you. I thought I'd already said thanks, sorry about that. I updated the code back then and was just checking in on this as the renewal is towards month end. Hopefully it will work.

Should I always stop and restart LSWS this way to make sure the cron can interact with the service?
 
#28
Sadly it has been 2 months since my post about the SSL renewal and LSWS failing to restart. Despite running these commands

Code:
/usr/local/lsws/bin/lswsctrl stop >/dev/null
systemctl stop lsws >/dev/null
systemctl start lsws >/dev/null
And ensuring my certbot cron is
Code:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook "systemctl restart lsws"
Litespeed again failed to restart after the cert was updated.

Is there anything else I can try? I have another LSWS DigitalOcean droplet running the same setup which also had the same issue. I also ran the commands on that one, but it is due for renewal in Jan. Keen to prevent this happening again on both.
 

Pong

Administrator
Staff member
#29
Run it manually to ensure there is no typo, then check your cron log to see whether it runs successfully or not.

Also match the timestamp to check error.log.

You should show more technical evidence about "Litespeed again failed to restart" from the log. Most likely it is your cron issue.
 

Unique_Eric

Administrator
Staff member
#30
@bp1000, sorry for the inconvenience.

Please check https://forum.openlitespeed.org/thr...ewed-but-lsws-doesnt-restart.4841/#post-11991
I had a deep look into that case and found out that the Let's Encrypt hook is not being triggered for an unknown reason on some servers, with no LE error log either. What I would suggest is to add another rule to the cronjob to handle the restart regularly, so we don't need to rely on the hook any more.

Code:
echo '0 0 * * 3 root systemctl restart lsws' | sudo tee -a /etc/cron.d/certbot > /dev/null
Feel free to adjust the cronjob time.

I also pushed it to the git repo, so the newly launched cloud image server should have this setup.
https://github.com/litespeedtech/ls-cloud-image/commit/1925a68b347b5f16676aeb46047e147ddec3158d
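
One way to detect the condition this thread describes without relying on the deploy hook, as an added example that is not part of any post or of LiteSpeed's cloud image: compare the SHA-256 fingerprint of the certificate on disk with the one the local listener actually serves, and restart lsws only on a mismatch. The script name, the `lsws-cert` log tag, port 443 and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): restart lsws only when the certificate
# being served differs from the renewed one on disk.
# Usage (assumed names):
#   lsws-cert-check.sh example.com /etc/letsencrypt/live/example.com/cert.pem

# Reduce "sha256 Fingerprint=AA:BB:..." to bare upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Print match | stale | unknown for a (disk, served) fingerprint pair.
compare_fingerprints() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown    # missing file or no TLS answer: do not guess
    elif [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]; then
        echo match
    else
        echo stale
    fi
}

# Fingerprint of the leaf certificate the local listener presents for $1.
# Connecting to 127.0.0.1 with SNI checks this server, not a CDN or proxy.
served_fp() {
    openssl s_client -connect 127.0.0.1:443 -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

disk_fp() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null
}

check_and_restart() {
    state=$(compare_fingerprints "$(disk_fp "$2")" "$(served_fp "$1")")
    case $state in
        match) return 0 ;;
        unknown)
            logger -t lsws-cert "cannot compare certificates for $1"
            return 2 ;;
    esac
    logger -t lsws-cert "stale certificate served for $1, restarting lsws"
    systemctl restart lsws
    sleep 5
    # Verify the restart took effect; a non-zero exit makes cron report it.
    [ "$(compare_fingerprints "$(disk_fp "$2")" "$(served_fp "$1")")" = match ]
}

# Runs only when called with both arguments, e.g. from cron.
if [ "$#" -ge 2 ]; then
    check_and_restart "$1" "$2"
fi
```

The `lsws-cert` lines in syslog give the timestamped evidence to match against the cron log and error.log.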
 
#31
Thank you guys, one of my servers that had issues is ok now.

The next is due on the 25th. I've added the restart on that one too, so should be fine!

Thanks
 