I'm automating an SSL certificate renewal from LetsEncrypt's certbot. The actual renewal is working, but I need to automate restarting services so that they load the renewed certificates. I was wondering if you can use multiple --renew-hook parameters within the cronjob for letsencrypt renew?
How to automate restarting services upon certificate renewal?
Not sure if that's for newer versions only or not, but I hope someone will find it useful. When you have at least 1 domain added, certbot will create a "renewal-hooks" dir with 3 subdirs: "deploy", "post", "pre".
If you put any script into the "post" folder, it will be executed after renewal automatically. Don't forget to make it executable by adding +x to the script.
I'm using just one "001-restart-nginx.sh" with the following content:
#!/bin/bash
echo "ssl certs updated" && service nginx restart
/etc/letsencrypt/renewal-hooks/post/001-restart-nginx.sh
This way you don't have to manually supply --post-hook params with certain instructions at all.
During the actual renewal process you will see something like this:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/<your-domain-name>/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/001-restart-nginx.sh
Output from post-hook command 001-restart-nginx.sh:
ssl certs updated
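Added example, not part of the original answer: a hook for the "deploy" subdirectory mentioned above, where certbot runs each script once per successfully renewed certificate and exports RENEWED_LINEAGE. It reloads several services from one script and tests each configuration first, so a broken config does not turn a renewal into an outage; the file name, the service list (nginx, postfix) and the RUN dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Hypothetical path: /etc/letsencrypt/renewal-hooks/deploy/010-reload-services.sh
# Make it executable (chmod +x), as with the post hook above.

# Assumed list of services that read the certificate; adjust to your host.
SERVICES="${SERVICES:-nginx postfix}"
# Set RUN=echo to print the commands instead of executing them (dry run).
RUN="${RUN:-}"

# Return 0 if the service's configuration validates.
config_ok() {
    case "$1" in
        nginx)   $RUN nginx -t ;;
        postfix) $RUN postfix check ;;
        *)       return 0 ;;   # no self-test known for this service
    esac
}

# Reload each service whose config validates; return the number of failures.
reload_services() {
    failed=0
    for svc in $SERVICES; do
        if config_ok "$svc" && $RUN systemctl reload "$svc"; then
            echo "reloaded $svc for $RENEWED_LINEAGE"
        else
            echo "FAILED $svc" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Act only when certbot invoked this script as a deploy hook.
# A non-zero status here shows up as a hook error in certbot's output.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_services
fi
```

Running it by hand with RUN=echo and RENEWED_LINEAGE set to a live directory prints the commands it would run without touching any service.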