From 8c27be14b6787fa89236701e149f7e119a2a9020 Mon Sep 17 00:00:00 2001 From: Nicolas Duchon Date: Sat, 23 Nov 2024 11:49:53 +0100 Subject: [PATCH 1/2] fix: reload nginx on each created or renewed cert --- app/letsencrypt_service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/letsencrypt_service b/app/letsencrypt_service index 4f589255..0ec9e60b 100755 --- a/app/letsencrypt_service +++ b/app/letsencrypt_service @@ -479,6 +479,9 @@ function update_cert { fi done + if ! parse_true "${RELOAD_NGINX_ONLY_ONCE:-false}" && parse_true $should_reload_nginx; then + reload_nginx + fi } function update_certs { From 4726a8791e553c57a3608112771357a39a03f5d8 Mon Sep 17 00:00:00 2001 From: Nicolas Duchon Date: Sat, 23 Nov 2024 17:59:51 +0100 Subject: [PATCH 2/2] docs: RELOAD_NGINX_ONLY_ONCE --- docs/Container-configuration.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Container-configuration.md b/docs/Container-configuration.md index d4312053..ebe910fa 100644 --- a/docs/Container-configuration.md +++ b/docs/Container-configuration.md @@ -35,3 +35,5 @@ You can also create test certificates per container (see [Test certificates](./L * `ACME_POST_HOOK` - The provided command will be run after every certificate issuance. The action is limited to the commands available inside the **acme-companion** container. For example `--env "ACME_POST_HOOK=echo 'end'"`. For more information see [Pre- and Post-Hook](./Hooks.md) * `ACME_HTTP_CHALLENGE_LOCATION` - Previously **acme-companion** automatically added the ACME HTTP challenge location to the nginx configuration through files generated in `/etc/nginx/vhost.d`. Recent versions of **nginx-proxy** (>= `1.6`) already include the required location configuration, which remove the need for **acme-companion** to attempt to dynamically add them. If you're running and older version of **nginx-proxy** (or **docker-gen** with an older version of the `nginx.tmpl` file), you can re-enable this behaviour by setting `ACME_HTTP_CHALLENGE_LOCATION` to `true`. + +* `RELOAD_NGINX_ONLY_ONCE` - The companion reload nginx configuration after every new or renewed certificate. Previously this was done only once per service loop, at the end of the loop (this was causing delayed availability of HTTPS enabled application when multiple new certificates where requested at once, see [issue #1147](https://github.com/nginx-proxy/acme-companion/issues/1147)). You can restore the previous behaviour if needed by setting the environment variable `RELOAD_NGINX_ONLY_ONCE` to `true`.