From 06f4a2e56948f0b2e2842a5ba5b9fe0d21bc8ba8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 5 Mar 2016 14:55:40 +0100
Subject: Let's Encrypt: Only reload (as opposed to restart) postfix/nginx
 after renewing the cert

---
 certs/public/fripost.org.pem                       | 22 +++++++++++-----------
 certs/public/git.fripost.org.pem                   | 20 ++++++++++----------
 certs/public/mx2.fripost.org.pem                   | 20 ++++++++++----------
 .../etc/letsencrypt-tiny/letsencrypt-certs.conf.j2 | 12 ++++++------
 4 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/certs/public/fripost.org.pem b/certs/public/fripost.org.pem
index c1b6105..826db8b 100644
--- a/certs/public/fripost.org.pem
+++ b/certs/public/fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGHTCCBQWgAwIBAgISAVNRrmK0qo/HwaqLbfEeSVcJMA0GCSqGSIb3DQEBCwUA
+MIIGHTCCBQWgAwIBAgISAtYvOExDrsgFOpAaxEuyAQl+MA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTM1MDBaFw0x
-NjAzMDcxOTM1MDBaMBYxFDASBgNVBAMTC2ZyaXBvc3Qub3JnMIICIjANBgkqhkiG
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAzMDUxMjQ5MDBaFw0x
+NjA2MDMxMjQ5MDBaMBYxFDASBgNVBAMTC2ZyaXBvc3Qub3JnMIICIjANBgkqhkiG
 9w0BAQEFAAOCAg8AMIICCgKCAgEA40NtrjEbAPdCAliRNgd+6DgwGDGe0eOwyIWu
 nhwWQ3qOz+6zmSVqW4KhbPW5ISipA82SKw97Gu9g6nSRWTHMkry4SzSpis99eQ7x
 QA8TpLm+g9MzH8CJKs3ea8N2Xqc6EqpnaNmCSo07+0oki2r5LRAwANChLOFuRvRI
@@ -19,19 +19,19 @@ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHZY9GB30
 kxEIRKVLzdyDVL4FPycwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw
 cAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDEu
 bGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgx
-LmxldHNlbmNyeXB0Lm9yZy8wOQYDVR0RBDIwMIILZnJpcG9zdC5vcmeCD3d3dy5m
-cmlwb3N0Lm9yZ4IQd2lraS5mcmlwb3N0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeB
+LmxldHNlbmNyeXB0Lm9yZy8wOQYDVR0RBDIwMIILZnJpcG9zdC5vcmeCEHdpa2ku
+ZnJpcG9zdC5vcmeCD3d3dy5mcmlwb3N0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeB
 DAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMu
 bGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNh
 dGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFu
 ZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5
 IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0G
-CSqGSIb3DQEBCwUAA4IBAQADhIMJYMH9neqNP8pnYUn5XYfZorIRB1n3hbE6s849
-KuBcdAwmbgLXkL67r5cQRUCmLkV+KRu8XOrBHQtYOxzt1ANEWs4lRgZdz3UFUnXT
-/9bzY4DZey+DOmOE0qG9oZD4AZTguFcnkDC4adHrmzdMf3Me3zF5hAJR1N2fEpKk
-vBjnJRKA/90/5U6VMHUiBkor4hMwzfuUCZdgNKvVeGhDWVUr0OLOnW+b8MnmLz87
-LvxR5DgqyxlKqq6CqsGzzLs6qdFqAiZjB7cF2s7e/Wi3nVDFr8Qb1TlxdlkQ15ka
-xbvhxUD0YHOsO+hGiwbo6gAeFrzP3uxTTzhrtHnZgOVZ
+CSqGSIb3DQEBCwUAA4IBAQA8DqkuYcK3u7vXByQPCCLW+vIid+XgZPZaD03qabYD
+CqEExFq4xChCy6rRUd+0vMxllgf74DeRQoUh/OqQ2ON6gRY87VZYctVdSQ0dr2BV
+nidKdobM8IZBGvU5CYT1ZOwypIpfazI7pat2wXMrvreWhDnEcaoUszgasX20eHBq
+QsoFLpSvSCdCtVkU8EZuIA8UPxGME7y1Q+F8X4iOItphuo9Xu2kz+FSLMf6KRlws
+QxX54mUzk4H1NA/O6Mg9OSneJ43zPtQk2NhUQFzWROYZiquVMyNqqBZO5aytAZU0
+UEN2ovF9Wc6QEGESjSJWEbhCFNq29cfhC0mUnWb1E5Sg
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
diff --git a/certs/public/git.fripost.org.pem b/certs/public/git.fripost.org.pem
index 1810c03..2e50665 100644
--- a/certs/public/git.fripost.org.pem
+++ b/certs/public/git.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISAYNlFOqyNr6JG6VCrfsp/5VCMA0GCSqGSIb3DQEBCwUA
+MIIGAjCCBOqgAwIBAgISAvpEniCjY9RKPXttVW5lLeZkMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTMyMDBaFw0x
-NjAzMDcxOTMyMDBaMBoxGDAWBgNVBAMTD2dpdC5mcmlwb3N0Lm9yZzCCAiIwDQYJ
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAzMDUxMjQ5MDBaFw0x
+NjA2MDMxMjQ5MDBaMBoxGDAWBgNVBAMTD2dpdC5mcmlwb3N0Lm9yZzCCAiIwDQYJ
 KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKZhfyFvQMwMR4fRPBDKsyIkSe7M5wnx
 4IZ0yoJLEU0xq84K+SRQ1l/d2nrnoXQ4QKZj1/Ld9tF0nv3OrmDVvoIjalVCNn2g
 /XBW0e41KdHybhim3hYYB5WajEswGQB8UUgUrCtLoVFhzv9YfrPLVEgMl94GFm0B
@@ -25,13 +25,13 @@ KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
 AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
 YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
 aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAmjjh+ymazFdma
-4j/fVcAPxmUJSUl7dqG+lohv2uSwnjz/SEMtiOLcpoySOJZAN/tjz5VWvgA+/xeL
-EhmFs5P4FuxvhOX4LJgLgAKL3tEoIvantGi8nPCQh1UBYgvQ3Q5B2svehNWezQva
-qJ0jxsXN8o2BtBq4oC0m7e7UDu7o1YXxZEspPkK6wCAsB7m8fAdPHPA7AyimfqTj
-lPztlpkJsZCGa5lplpi6EvS6wzFkZuWQYHaxqb9L0dN9SVu4YwshEBoKdUMIxSeM
-hD6Dq0ebWLYRWg2AHHnF1xtbfUqQLw1kqbdgcl3vcsoDPt5nDkStMIVcd20nR1W6
-KGZ8K+jB
+cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAeeWSujyFMOzNL
+oT4wkOwIov/AYFgS1Mo8NOBhazKILYDnqVPbGAjnuV8dlkh1upcX2flVqytLnw4U
+iB9wEjNkf8+0FoZM8kxeB9P8ZLDLPXMfFAtRkuq5+M2obT6/xKgBJjVLIaK6zokl
+nGB5vL36lXLQ3N4RhZxs4P/mYLkYg4LherAXUuWzvqPZUXD/UY+QRNnEq2K0bvLp
+PiGMK6OYi7cghNfixeLZ9uHD/POGeZJge9OkU8plIcPq/kEnb75zT1DKn0IlL+Ol
+hFFlE8vIOJu6XNSkKKFEsSpGJzWMDPd0pXBulutCU4M2i/Ro117Oth4x6JhtJwnQ
+zOROhGbP
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
diff --git a/certs/public/mx2.fripost.org.pem b/certs/public/mx2.fripost.org.pem
index 2080ee5..457c508 100644
--- a/certs/public/mx2.fripost.org.pem
+++ b/certs/public/mx2.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISAUBmsGd9DcCLwDznhjjca/3/MA0GCSqGSIb3DQEBCwUA
+MIIGAjCCBOqgAwIBAgISAju4uLaE1a0WUm+l0INFzY1MMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMTYwMDEwMDBaFw0x
-NjAzMTUwMDEwMDBaMBoxGDAWBgNVBAMTD214Mi5mcmlwb3N0Lm9yZzCCAiIwDQYJ
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAzMDUxMjQ5MDBaFw0x
+NjA2MDMxMjQ5MDBaMBoxGDAWBgNVBAMTD214Mi5mcmlwb3N0Lm9yZzCCAiIwDQYJ
 KoZIhvcNAQEBBQADggIPADCCAgoCggIBALQbPWAwWT9JwMkJ4V+O9lnlvhH+Mbj9
 OpJNy+Aeghevn9eKYNRhouHjqEvS9AfGAkykynnl0xaePg0koF1Eo7/J85HkZrxk
 khikZTYcXRvQxmD6zpU33DS5CH2Jcf2PR1lYrbTTn5emJ8WiUmY0jh941dr5IVKx
@@ -25,13 +25,13 @@ KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
 AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
 YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
 aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBs4Iq51S5xR94h
-SzKhlt7fdCgP1YdjWB1kjWTC9xL7Iii22E4n3YipH96wKHBMxnS3cZsCLHZ8VdHe
-KXr1kTw4AH7Jx+KCzj2ztjD/z6t6wb1IZZTpHFMJKZVf67Y+Bb9W/mpQww1Yq8IU
-x+90BDLE9OiNGjPe/a7uTrCi/FJ8ESCHcX+0yiDXMDP/1Kdy0XPUle+gAqJUUM1R
-09O8f3hwwIhVXcP0DA8UR0un5/usFttereY9OQX46iK4ckrfAhvNpjqqfMVzW1nu
-H0XPnh3lr4k8L/jJeK8tNa3QVnVxPGV5ZDotqQrZKG47nEZgNcXPxxe6otjneZXR
-LQFrwFiZ
+cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQB0KC6R9nICFGmj
+hvknr8yMuKouFWOqbyxIztTCt573N8Xvlt7WYCdse80gQ+rPYE1hm5QHEdEpeckc
+94q7Jk+ksj9Uq2zkJwOm3jDqsbxh/9rpi5mj+6d+N/mcJbkK6DmQQJamUT9d7jwF
+KHlwDoPdZWnfltnJiNhOoprbLX/+4Guo0JFbJ19K7jQ8NbPHb0/dl56yO0in6ZTV
+p2PTzol/rfPknEv9PbF0KMEk8iuuFoEkrGXKaAN8KWWdbvtgztMMrZTAyFc716jv
+WtdqAuefZRyKkdd6Oa9wiLLNrGt/J1irn+HzR8MniFc/qh9lnPG7Nfykyp9mjMMn
+BMkBQssr
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
diff --git a/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2 b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
index fef5c62..ca3415a 100644
--- a/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
+++ b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
@@ -15,7 +15,7 @@ notify = /bin/systemctl restart dovecot
 certificate-key = /etc/postfix/ssl/smtp.fripost.org.key
 certificate-chain = /etc/postfix/ssl/smtp.fripost.org.pem
 subject = /O=Fripost/CN=smtp.fripost.org
-notify = /bin/systemctl restart postfix
+notify = /bin/systemctl reload postfix
 {% endif %}
 
 {% if 'MX' in group_names %}
@@ -23,7 +23,7 @@ notify = /bin/systemctl restart postfix
 certificate-key = /etc/postfix/ssl/mx.fripost.org.key
 certificate-chain = /etc/postfix/ssl/mx.fripost.org.pem
 subject = /O=Fripost/CN=mx{{ mxno }}.fripost.org
-notify = /bin/systemctl restart postfix
+notify = /bin/systemctl reload postfix
 {% endif %}
 
 {% if 'lists' in group_names %}
@@ -31,7 +31,7 @@ notify = /bin/systemctl restart postfix
 certificate-key = /etc/nginx/ssl/lists.fripost.org.key
 certificate-chain = /etc/nginx/ssl/lists.fripost.org.pem
 subject = /O=Fripost/CN=lists.fripost.org
-notify = /bin/systemctl restart nginx
+notify = /bin/systemctl reload nginx
 {% endif %}
 
 {% if 'wiki' in group_names %}
@@ -40,7 +40,7 @@ certificate-key = /etc/nginx/ssl/www.fripost.org.key
 certificate-chain = /etc/nginx/ssl/www.fripost.org.pem
 subject = /O=Fripost/CN=fripost.org
 subjectAltName = DNS:fripost.org,DNS:www.fripost.org,DNS:wiki.fripost.org
-notify = /bin/systemctl restart nginx
+notify = /bin/systemctl reload nginx
 {% endif %}
 
 {% if 'webmail' in group_names %}
@@ -49,7 +49,7 @@ certificate-key = /etc/nginx/ssl/mail.fripost.org.key
 certificate-chain = /etc/nginx/ssl/mail.fripost.org.pem
 subject = /O=Fripost/CN=mail.fripost.org
 subjectAltName = DNS:mail.fripost.org,DNS:webmail.fripost.org
-notify = /bin/systemctl restart nginx
+notify = /bin/systemctl reload nginx
 {% endif %}
 
 {% if 'git' in group_names %}
@@ -57,7 +57,7 @@ notify = /bin/systemctl restart nginx
 certificate-key = /etc/nginx/ssl/git.fripost.org.key
 certificate-chain = /etc/nginx/ssl/git.fripost.org.pem
 subject = /O=Fripost/CN=git.fripost.org
-notify = /bin/systemctl restart nginx
+notify = /bin/systemctl reload nginx
 {% endif %}
 
 ; vim:ft=dosini
-- 
cgit v1.2.3