From ec0f93622746c579ea6dc0540e1673ba153f84f3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 23 Apr 2019 17:49:03 +0300
Subject: [PATCH] Try SSL renewal more frequently and reload later

It doesn't hurt to attempt renewal more frequently, as it only does real work if it's actually necessary. Reloading, we postpone some more, because certbot adds some random delay (between 1 and 8 * 60 seconds) when renewing. We want to ensure we reload at least 8 minutes later, which wasn't the case. To make it even safer (in case future certbot versions use a longer delay), we reload a whole hour later. We're in no rush to start using the new certificates anyway, especially given that we attempt renewal often. Somewhat fixes #146 (Github Issue)
---
 .../matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
index e4613ed78..771081b1c 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -69,7 +69,7 @@
 state: present
 hour: 4
 minute: 15
- day: "*/5"
+ day: "*"
 job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
 
 - name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
@@ -78,9 +78,9 @@
 cron_file: matrix-ssl-lets-encrypt
 name: matrix-nginx-proxy-reload
 state: present
- hour: 4
+ hour: 5
 minute: 20
- day: "*/5"
+ day: "*"
 job: /bin/systemctl reload matrix-nginx-proxy.service
 when: matrix_nginx_proxy_enabled
 when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
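Review bot: The one-hour gap between the 04:15 renewal job and the 05:20 reload in the matrix-nginx-proxy-reload task (second hunk) is explained only in the commit message. A later edit to either schedule could silently move the reload back inside certbot's delay window, leaving nginx on the old certificate until the next day's reload. A comment above `hour: 5` would keep the constraint next to the code, for example `# Must run well after the 04:15 renewal job: certbot sleeps a random 1 to 8*60 seconds before renewing`. The reload is also time-coupled rather than result-coupled, so it runs daily whether or not renewal succeeded; it is worth confirming that a failing renewal script is surfaced somewhere, for instance through cron mail or monitoring. Both task bodies start outside the hunks shown.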