The doc on how certbot is integrated into operations is a bit thin.
My Let’s Encrypt cert is “external” to the nginx container. It’s on the VM running Docker. I have a couple of questions about what I can do when it’s time to renew the cert. Assume I am running a cron job every 75 days.
If I get the container ID of the current nginx container in my cron job, can I simply restart it to have it pick up a renewed cert? Or must I restart all the containers?
If I can just restart the nginx container, does that terminate the sessions of users who have vault timeouts set to never? (Yes, I know…)
In theory you could restart just the nginx container with docker restart bitwarden-nginx after your external cert renewal, though I would suggest contacting Bitwarden’s support for an official answer on the best practice method they recommend.
This should not terminate any user session, I would imagine, especially as Never will mean that the user’s vault will never go into either a Locked or Logged out state. For more, check out Understanding unlock vs. log in and Vault timeout action.
So this shouldn’t cause any concern unless there is data needing to be sent or received between the client and server. Someone might have an issue if they tried to log in, or to update or create a new entry in their vault, during the brief moment your nginx container is rebooting. If a person tries to connect while your self-hosted instance is under maintenance, they would likely experience errors similar to those seen when using Bitwarden offline.
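A cron-side sketch of the approach discussed in this thread, added here as an example and not taken from either poster or from Bitwarden: it restarts only the bitwarden-nginx container, and only when the certificate file on the Docker host has changed, so the brief interruption happens only after a real renewal. The certificate path (placeholder domain), the state file location and the DOCKER override are assumptions.

```shell
#!/bin/sh
# Added example: restart only the nginx container, and only when the
# certificate file on the Docker host has actually changed.
# Assumptions (not from the thread): the CERT path and the STATE file.
CERT="${CERT:-/etc/letsencrypt/live/example.com/fullchain.pem}"  # placeholder domain
STATE="${STATE:-/var/lib/bitwarden-cert.sha256}"                 # hypothetical state file
CONTAINER="${CONTAINER:-bitwarden-nginx}"                        # name used in the reply above
DOCKER="${DOCKER:-docker}"                                       # overridable for dry runs

cert_digest() {
    # SHA-256 of the certificate file; fails if the file is unreadable.
    [ -r "$1" ] && sha256sum "$1" | cut -d' ' -f1
}

# Returns 0 if a restart was issued, 1 if the cert is unchanged,
# 2 if the cert cannot be read or the restart failed.
restart_if_cert_changed() {
    new=$(cert_digest "$CERT") || return 2
    [ -n "$new" ] || return 2
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    # Record the digest only after a successful restart, so a failed
    # restart is retried on the next cron run.
    "$DOCKER" restart "$CONTAINER" >/dev/null || return 2
    printf '%s\n' "$new" > "$STATE"
    return 0
}

# Invoke from cron (after the renewal step) as: this-script.sh run
if [ "${1:-}" = "run" ]; then
    restart_if_cert_changed
    exit $?
fi
```

Exit status 1 from a cron run means the certificate was unchanged and nginx was left alone; status 2 is the case worth alerting on.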