LetsEncrypt certbot multiple renew-hooks


I'm automating an SSL certificate renewal from LetsEncrypt's certbot. The actual renewal is working, but I need to automate restarting services so that they load the renewed certificates. I was wondering if you can use multiple --renew-hook parameters within the cronjob for letsencrypt renew?

How to automate restarting services upon certificate renewal?


Solution

  • Yes, you can use multiple --renew-hook statements. Also use the -q flag so it emails you a blank notification until a renewal actually does occur. It also does not restart any of your services until a renewal occurs. This also attaches the log file to the email if you so desire.

    I have a cron that runs a bash script daily.

    Inside my bash script (certbotrenew.sh) is simply this:

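    #!/bin/bash
    cd /opt/certbot || exit 1
    # Run the renewal first; each --renew-hook command runs only when a certificate was actually renewed.
    sudo ./certbot-auto renew --renew-hook "service postfix reload" --renew-hook "service dovecot restart" --renew-hook "service apache2 reload" -q >> /var/log/certbot-renew.log
    # Mail the log only after certbot has finished writing it (recipient address is redacted in the source).
    mail -s "CERTBOT Renewals" [email protected] < /var/log/certbot-renew.log
    exit 0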
    

    and my cron is

    00 20 * * 1 /bin/certbotrenew.sh
    

    Some people question why I send an email even if nothing happened; I just always like to know my daily crons are running.
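
An alternative to chaining several hooks, as an added example that is not part of the original answer: one hook script that checks the renewed files before reloading anything and keeps going if one reload fails. certbot exports `RENEWED_LINEAGE` to the hook, and `--deploy-hook` is the current name for `--renew-hook`; the install path, the `RUNNER` variable and the pre-reload checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Hypothetical install path:
#   certbot renew -q --deploy-hook /usr/local/sbin/cert-deploy-hook.sh
# certbot runs the hook once per renewed certificate and exports
# RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com).

# Reload commands, one per line; these are the three from the answer above.
RELOADS='service postfix reload
service dovecot restart
service apache2 reload'

# Assumption of this example: RUNNER=echo prints the commands instead of running them.
RUNNER="${RUNNER:-}"

# Refuse to touch services if the renewed files look wrong (this example's own policy).
lineage_ok() {
    [ -n "$1" ] && [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ] || return 1
    mode=$(stat -L -c '%a' "$1/privkey.pem") || return 1   # GNU stat
    case "$mode" in
        *[4567]) return 1 ;;   # private key readable by "other"
    esac
    return 0
}

# Run every reload even if an earlier one fails; return the number of failures.
reload_services() {
    failed=0
    while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        if ! $RUNNER $cmd </dev/null; then
            echo "deploy-hook: FAILED: $cmd" >&2
            failed=$((failed + 1))
        fi
    done <<EOF
$RELOADS
EOF
    return "$failed"
}

# 0 = all reloaded, 1 = at least one reload failed, 2 = pre-checks failed.
deploy() {
    if ! lineage_ok "$1"; then
        echo "deploy-hook: $1 failed pre-reload checks; services left untouched" >&2
        return 2
    fi
    reload_services || return 1
}

# Only act when certbot invoked us; running the file by hand does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy "$RENEWED_LINEAGE"
    exit $?
fi
```

A non-zero exit from the hook is reported by certbot in its output, so a failed reload shows up in the mailed log instead of passing silently.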