!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

107 Members
Another day, another cert renewal
45 Servers

5 Oct 2023
@os:matrix.flyingcircus.io osnyx (he/him)

is that the Acme module assumes some mechanism will reload nginx when its own config changes irrespective of nginx-config-reload

But that cannot happen because the yet-to-be-generated certificate files are already referenced by the new config after switch, irrespective of whether the self-signed services have already run.

14:12:14
@os:matrix.flyingcircus.io osnyx (he/him)
I read (haven't tried myself) that nginx crashes when the config references nonexistent cert files. This is probably one of the main reasons for the existence of nginx-config-reload, as it has a condition guard that checks for the existence of cert files.
14:13:27
@m1cr0man:m1cr0man.com m1cr0man
Yes indeed. I think Apache silently fails here, and by the time a request is made selfsigned has run. I don't remember how nginx does it. Actually - bigger point. The test suite is passing 😛 how? I'm pretty sure I have a test for your exact scenario
14:14:04
@os:matrix.flyingcircus.io osnyx (he/him)
I've done a workaround for our own fork of the nginx module now. As we plan to move towards upstream anyways, I'll probably want to get this fixed there as well and will soon-ish try to write a reproducer in the acme tests. Shouldn't be that hard.
14:15:18
@os:matrix.flyingcircus.io osnyx (he/him)
In reply to @m1cr0man:m1cr0man.com
Yes indeed. I think Apache silently fails here, and by the time a request is made selfsigned has run. I don't remember how nginx does it.


Actually - bigger point. The test suite is passing 😛 how? I'm pretty sure I have a test for your exact scenario
But yeah, I should have a look at ALL the tests.
14:15:59
