From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41202)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4Ow5-0000nt-GJ
	for guix-patches@gnu.org; Sat, 29 Apr 2017 05:45:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4Ow2-0007NW-Dk
	for guix-patches@gnu.org; Sat, 29 Apr 2017 05:45:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:47330)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1d4Ow2-0007NQ-9o
	for guix-patches@gnu.org; Sat, 29 Apr 2017 05:45:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1d4Ow1-0001h0-Tb
	for guix-patches@gnu.org; Sat, 29 Apr 2017 05:45:01 -0400
Subject: bug#26685: certbot service
Resent-Message-ID: <handler.26685.B26685.14934590776458@debbugs.gnu.org>
References: <cucmvb1ehiv.fsf@igalia.com> <87mvb0ubog.fsf@lassieur.org>
	<20170428193347.GD6736@jasmine>
From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
In-reply-to: <20170428193347.GD6736@jasmine>
Date: Sat, 29 Apr 2017 11:44:33 +0200
Message-ID: <87ziezlf9a.fsf@lassieur.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: Andy Wingo <wingo@igalia.com>, 26685@debbugs.gnu.org

Leo Famulari <leo@famulari.name> writes:

> On Fri, Apr 28, 2017 at 11:24:47AM +0200, Clément Lassieur wrote:
>> Also I think some services have to be reloaded/restarted after their
>> certificates are upgraded.  That could be done via a mcron post-hook,
>> but I'm not sure how to pass the list of services that have to be
>> restarted.  WDYT?
>
> I don't have the answer either, but this is a prime use case for
> implementing `nginx reload` in the nginx-service. Otherwise, nginx will
> have to be killed in order to deploy the new certificate.

But this is not just about nginx right?  (Otherwise 'nginx -s reload'
would do the job, I think.)  It is about every service that has its
certificates renewed by certbot.  Don't we need a generic way to reload
services, like 'herd reload service'?  I will have a look at how we
could implement this.