'morpheus-ctl hup nginx' okay after an SSL cert update?

Apologies in advance as I couldn’t really find a good category and tag for this.

This is related to a prior post located here

I was testing using certbot against Sectigo’s ACME endpoint after setting my test morpheus.rb to use the certbot obtained certificate for the nginx[‘ssl_certicate’] and nginx[‘ssl_server_key’] values.

My question is, I have a deploy-hook setup with certbot that will call out to ‘morpheus-ctl reconfigure’ and… ‘morpheus-ctl hup nginx’. My question is, is this acceptable vs a ‘morpheus-ctl restart nginx’ as I’d rather not have certbot restart nginx and break existing sessions, but instead do a more graceful reload to read the new config (and by extension new cert and key), closing out sessions as they expire.

Will this work as I’m expecting like an ‘systemctl reload apache2’ vs ‘systemctl restart apache2’ does around config and ssl changes?

If you are just updating the certs in place, then morpheus-ctl hup nginx is all that’s necessary. If you are changing filenames or locations, you would need to do a reconfigure.

1 Like

Okay perfect and what I was hoping and expecting!
I just wasn’t sure if the hash/modulus values were used anywhere else in Morpheus as a sort of “cert validation check” for more internal calls that the reconfigure updated and the restart was needed to force refresh all things.

1 Like