SWAG LetsEncrypt Certificate Renewal

  • Hello


    I installed SWAG a couple months back and all works awesome. I just got an email saying my 90 day certificate is about to expire….. I had assumed it would do not automatically. I’ve done a little research but before I implement possible wrong solutions as they may not be compatible with a system I have, had anyone got any recommendations on correct way to renew?

    • Offizieller Beitrag

    Hello


    I installed SWAG a couple months back and all works awesome. I just got an email saying my 90 day certificate is about to expire….. I had assumed it would do not automatically. I’ve done a little research but before I implement possible wrong solutions as they may not be compatible with a system I have, had anyone got any recommendations on correct way to renew?

    Just restart the swag container. Swag has a certbot built in that will renew certs tat are within 7 days of expiring when the container starts.


    Truth is, it's probably already been renewed by the time you got that email.

    • Offizieller Beitrag

    Fair enough, thank you.

    If you're running regular updates on your software and containers, I've never had a cert come even close to expiring (I do get those emails however as I think they are auto generated).


    If docker updates (which it just did yesterday I think)... it is going to restart the docker service, thus restarting all your containers, including swag. If it was close to expiring, when it restarts it will pull a new cert.


    If you're using watchtower (I am)... it should be checking for updates on your containers, including swag. swag gets updated enough that it will restart and if it's close to expiring, it will pull a new cert.


    If you reboot your server even semi-regularly.. this will restart the docker service/all containers and again, if you're close to expiring, you're going to get renewed.


    So if you get those emails, just click the padlock next to one of your domains (I'm assuming we are talking wildcard subdomains, so there's 1 cert for everything).. and look at the dates on the cert. I'd say under most circumstances, it's been renewed already. I don't think I've ever had to restart swag to get a new cert due to expiration... and there's been plenty of times my server has been up for 70-80 days w/o rebooting.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!