This is done once when the following lines of the initialization script init-certbot are run: https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/init-certbot.sh#L24-L25 It should be done regularly (and checked for consistency with the custom configuration: https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/nginx/templates/default.conf.template#L14-L28 Should we do it in a cron job or rather, for example, once a week, by the system administrator? Or does certbot renew automatically fetch these files https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/local.yml#L90 daily when needed?
The versioned files are
This is done once when the following lines of the initialization script init-certbot are run: https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/init-certbot.sh#L24-L25 It should be done regularly (and checked for consistency with the custom configuration: https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/nginx/templates/default.conf.template#L14-L28 Should we do it in a cron job or rather, for example, once a week, by the system administrator? Or does
certbot renewautomatically fetch these files https://github.com/ise621/machine/blob/1df863523c823c2efc938933559b2ac0910486da/local.yml#L90 daily when needed?The versioned files are
options-ssl-nginx.confssl-dhparams.pem