Correct operation of acme.sh client for certificates

Discussion in 'Server Operation' started by Juan Cubillo, Feb 14, 2023.

  1. Juan Cubillo

    Juan Cubillo New Member

    Hello everyone,
    I have a few public servers with correctly installed SSL certificates.
    However every time the acme.sh client renews the certificates, I have to manually ssh into the servers, copy/paste the new cert contents to the specified Apache or Nginx paths, and reload the service.
    I recently came across the --install-cert flag and have been using it to move the certificate contents in an easier way... but still this has to be done manually SSHing into the server and running the command:
    acme.sh --install-cert -d HOST.DOMAIN.com --cert-file /etc/pki/tls/certs/HOST.DOMAIN.com.cer --key-file /etc/pki/tls/private/HOST.DOMAIN.com.key --fullchain-file /etc/pki/tls/certs/fullchain.cer --reloadcmd "systemctl restart httpd"
    Is there any way to properly automate this? The certs are correctly being renewed every 2 months, but they are not being installed after renewal. What am I missing to completely forget about the certificates and let them renew & install themselves?
    Should I use the above line as a post-renewal hook maybe?
    Thanks!
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Certainly.
    Although I have not used acme.sh, with certbot it works. Like you wrote, the pre- and post-hooks can run the needed code to set up the new certificates, and stop and start the services. A service continues to use the old certificate until it is restarted or otherwise forced to reload certificate.
     
