From 4ec8323b8f3825539011c8583242d1249c731d17 Mon Sep 17 00:00:00 2001 From: seabo Date: Tue, 29 Aug 2023 20:12:30 +0100 Subject: [PATCH] update tls certs again --- doc/deployment/history/20230829-tls-cert-update.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 doc/deployment/history/20230829-tls-cert-update.md diff --git a/doc/deployment/history/20230829-tls-cert-update.md b/doc/deployment/history/20230829-tls-cert-update.md new file mode 100644 index 0000000..fcb7a18 --- /dev/null +++ b/doc/deployment/history/20230829-tls-cert-update.md @@ -0,0 +1,10 @@ +# Update TLS certs + +1. SSH into EC2 instance +2. Unlike the notes I wrote last time, running `sudo certbot renew` + didn't work because nginx was already bound to port 80 and certbot + couldn't do it's nifty challenge thing. +3. So: `docker stop xyz-prod-nginx-1` - this causes some downtime for + the app, which I think we can afford. +4. Now `sudo certbot renew` works. +5. Relaunch docker containers with `docker compose -p xyz-prod -f docker-compose.yml -f docker-compose.production.yml up -d`
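Review bot: Steps 3 to 5 of the new file describe a stop, renew, relaunch sequence that has to be run by hand at every renewal, and nothing after step 5 confirms that nginx is actually serving the renewed certificate. Consider adding a final verification step (for example, checking the expiry date of the certificate presented on port 443), and noting that certbot's `--pre-hook` and `--post-hook` options can run `docker stop xyz-prod-nginx-1` and the step 5 compose command around `sudo certbot renew`, which keeps the downtime window short and avoids relying on someone remembering the procedure before expiry. Step 2 also says the earlier notes no longer work but does not name or correct them, so a reader who finds the older file first will follow the stale procedure; link the two files or amend the old one. Minor: "it's" in step 2 should be "its".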