[nitzle]

Hey there, I found an issue in the PR recently that affects the auto-renewal process. Nginx will still serve the old certificate after renewal succeeds since it's never restarted or reloaded. I have another PR open to fix this, but there's a manual way to apply the fix if you're so inclined (and you still have that Streisand server up and running).

Obviously this only applies if you don't plan on destroying/recreating your Streisand server after the newer PR gets merged (EDIT--just got merged). But just in case, the steps are pretty easy (it's in the PR here too: https://github.com/StreisandEffect/streisand/pull/1688):

  [root@streisand]# cat > /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx.sh << EOF
  #!/bin/sh
  systemctl reload nginx
  EOF
  [root@streisand]# chmod u+x /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx.sh

If your cert was already auto-renewed (unlikely given the timeline), you'll also need to run systemctl reload nginx to serve the new cert, since the deploy script wasn't present when certbot ran the renewal.