Use --nginx option

[Superpiffer]

I've tested this option and it works perfectly. Why not use it?

[lnicola]

Thank you. I'll have to look into this. Not so long ago it was failing for me due to certbot/certbot#921. It also used to overwrite portions of nginx.conf with older versions.

Apparently, it's working better now, but I'm still somewhat suspicious.

Two questions:

• is --nginx required? I think it remembers the authenticator, so it's only needed once
• is the systemctl reload nginx hook required?

And we'll also want to update the README with instructions for setting it up. Keeping the webroot section might not be bad, as it can be quite useful.

[Superpiffer]

1. I didn't know that certbot remembers the authenticator, so maybe this pull request is useless.
2. I thought that I had the last version of the service file but I'm using "ExecStopPost=/bin/systemctl --no-block reload nginx" as the last release on AUR. It works just fine so I'm not really sure that the hook is needed or not. My mistake!

[lnicola]

Sorry. I did some more tests, and it seems to be stable. To answer my questions:

is --nginx required? I think it remembers the authenticator, so it's only needed once

The renewal config file gets updated with the new authenticator, so there's no need to pass --nginx every time.

is the systemctl reload nginx hook required?

No, certbot-nginx does that automatically.

Given the two points above, the only remaining thing this package could do is simply run certbot renew, but then it should be renamed. There is, however, an unrelated certbot-systemd AUR package that does exactly that (it also runs systemctl reload nginx, which is useless).

So it looks like I should drop this package in favor of certbot-systemd. What do you think?

[lnicola]

See also the discussion in parchd-1/certbot-systemd#1.

[Superpiffer]

I think you're right, infact I already switched to certbot-systemd without issues.

[lnicola]

Closed in 4d7478d.