HTTPS certificate renewals are failing
Certbot's certificate renewals are failing because of the way that Ansible role works. To fix, we need to stop Nginx during HTTPS certificate renewal.
We need to add these two lines to the end of the [renewalparams]
section in /etc/letsencrypt/renewal/www.example.com.conf
:
pre_hook = service nginx stop
post_hook = service nginx start
Let's do it after the set-up happens in https://gitlab.com/consensus.enterprises/ansible-roles/ansible-role-matomo/-/blob/master/tasks/get-https-certificate.yml
Edited by Colan Schwartz