Let acmeuser reload nginx

acmesh.md

@@ -27,6 +27,16 @@ source ~/.bashrc
 acme.sh --set-default-ca --server letsencrypt
 ```
 
+Allow user acmeuser to reload nginx, etc.
+
+```bash
+# Uncomment "includedir /etc/sudoers.d" in /etc/sudoers
+sed -e '/includedir/ s/^##*/#/g' -i /etc/sudoers
+cat >/etc/sudoers.d/acmeuser <<EOL
+acmeuser ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
+EOL
+```
+
 ## Set up DNS validation with knsupdate (Knot)
 
 Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates.
@@ -60,7 +70,7 @@ acme.sh --install-cert -d $DOMAINLE --ecc \
     --fullchain-file $CERTPATH/fullchain.pem \
     --key-file $CERTPATH/privkey.pem \
     --ca-file $CERTPATH/chain.pem \
-    --reloadcmd "/usr/bin/systemctl reload nginx.service"
+    --reloadcmd "sudo /usr/bin/systemctl reload nginx.service"
 ```
 
 ## Set up notifications