Subject: bug#26685: certbot service
From: Clément Lassieur
To: Leo Famulari
Cc: Andy Wingo, 26685@debbugs.gnu.org
Date: Sat, 29 Apr 2017 11:44:33 +0200
Message-ID: <87ziezlf9a.fsf@lassieur.org>
In-reply-to: <20170428193347.GD6736@jasmine>
References: <87mvb0ubog.fsf@lassieur.org> <20170428193347.GD6736@jasmine>

Leo Famulari writes:

> On Fri, Apr 28, 2017 at 11:24:47AM +0200, Clément Lassieur wrote:
>> Also I think some services have to be reloaded/restarted after their
>> certificates are upgraded. That could be done via a mcron post-hook,
>> but I'm not sure how to pass the list of services that have to be
>> restarted. WDYT?
>
> I don't have the answer either, but this is a prime use case for
> implementing `nginx reload` in the nginx-service. Otherwise, nginx will
> have to be killed in order to deploy the new certificate.

But this is not just about nginx, right?
(Otherwise 'nginx -s reload' would do the job, I think.) It is about every service that has its certificates renewed by certbot. Don't we need a generic way to reload services, like 'herd reload service'? I will have a look at how we could implement this.