Squashed commit of the following:

commit 0ea7b10
Author: Viktor Roytman <vr2262@columbia.edu>
Date:   Tue Dec 6 13:02:02 2016 -0500

    Update version number to 0.0.4

commit 9cd9f87
Author: Viktor Roytman <vr2262@columbia.edu>
Date:   Tue Dec 6 13:01:50 2016 -0500

    Modify cron command

Author: vr2262

prod/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '2'
 services:
   minigrid:
-    image: selcolumbia/minigrid-server:0.0.3
+    image: selcolumbia/minigrid-server:0.0.4
     command: ./prod/run.sh --db_host=db --redis_url=redis://redis:6379/0 --minigrid-website-url=https://www.example.com
     depends_on:
       - redis

prod/install.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env sh
-# Minigrid Server installer for version 0.0.3
+# Minigrid Server installer for version 0.0.4
 set -e
 
 # Do you have docker installed?
@@ -108,8 +108,8 @@ $SUDO openssl dhparam -out /etc/letsencrypt/live/$LETSENCRYPT_DIR/dhparam.pem 20
 printf "========================================\n"
 printf " Downloading configuration files        \n"
 printf "========================================\n"
-$CURL -L https://raw.githubusercontent.com/SEL-Columbia/minigrid-server/0.0.3/prod/docker-compose.yml > docker-compose.yml
-$CURL -L https://raw.githubusercontent.com/SEL-Columbia/minigrid-server/0.0.3/prod/nginx.conf > nginx.conf
+$CURL -L https://raw.githubusercontent.com/SEL-Columbia/minigrid-server/0.0.4/prod/docker-compose.yml > docker-compose.yml
+$CURL -L https://raw.githubusercontent.com/SEL-Columbia/minigrid-server/0.0.4/prod/nginx.conf > nginx.conf
 
 sed -i s/www.example.com/$LETSENCRYPT_DIR/g docker-compose.yml
 sed -i s/www.example.com/$LETSENCRYPT_DIR/g nginx.conf
@@ -133,7 +133,19 @@ printf "========================================\n"
 printf " Adding twice-daily cron job to renew   \n"
 printf " SSL certificate.                       \n"
 printf "========================================\n"
-CRON_CMD="mkdir -p /tmp/letsencrypt && docker run -it --rm --name certbot -v /etc/letsencrypt:/etc/letsencrypt:Z -v /var/lib/letsencrypt:/var/lib/letsencrypt:Z -v /tmp/letsencrypt:/tmp/letsencrypt:Z -v /var/log/letsencrypt:/var/log/letsencrypt:Z quay.io/letsencrypt/letsencrypt --renew certonly --webroot -w /tmp/letsencrypt $DOMAIN_ARGS && docker restart $NGINX_CONTAINER_NAME"
-CRON_JOB="07 01,13 * * * $CRON_CMD"
+# The --post-hook should just be docker restart $NGINX_CONTAINER_NAME... but
+# the container can't run the docker command properly.
+# So /tmp/renewed serves as a sentinel
+CRON_CMD="mkdir -p /tmp/letsencrypt && "\
+"docker run -it --rm --name certbot"\
+" -v /etc/letsencrypt:/etc/letsencrypt:Z"\
+" -v /var/lib/letsencrypt:/var/lib/letsencrypt:Z"\
+" -v /tmp:/tmp:Z"\
+" -v /var/log/letsencrypt:/var/log/letsencrypt:Z"\
+" quay.io/letsencrypt/letsencrypt renew --quiet --post-hook 'touch /tmp/renewed' ; "\
+"if [ -f /tmp/renewed ] ; then docker restart $NGINX_CONTAINER_NAME ; fi ; "\
+"rm -f /tmp/renewed"
+# https://certbot.eff.org/#ubuntuxenial-nginx recommends running this twice a day on random minute within the hour
+CRON_JOB="00 01,13 * * * sleep $(expr $RANDOM \% 59); $CRON_CMD"
 crontab -l | fgrep -i -v "$CRON_CMD" | { cat; echo "$CRON_JOB"; } | crontab -
 crontab -l