Letsencrypt: restart service using systemd
Published by cybso on
If, for some reason, certbot's --renew-hook argument is not an option, you can use systemd to automatically restart any service whenever a certificate is renewed.
You need two files:
/etc/systemd/system/certbot-watch@.service:
[Unit]
Description=Certbot service restarter
After=network.target
[Service]
Type=oneshot
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/systemctl restart %i.service
[Install]
WantedBy=multi-user.target
/etc/systemd/system/certbot-watch@.path:
[Path]
PathModified=/etc/letsencrypt/live/
PathModified=/etc/letsencrypt/live/DOMAINNAME/
# Add one entry here for every certificate that should be monitored
[Install]
WantedBy=multi-user.target
After changing these files, execute systemctl daemon-reload to notify systemd of the changes. Now you can start a "restart trigger" for each service you want to restart:
$ sudo systemctl start certbot-watch@postfix.path
$ sudo systemctl start certbot-watch@dovecot.path
The "sleep 10" command in ExecStartPre ensures that the restart is triggered only once even if multiple files were changed.
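To confirm that the restarted services really picked up the renewed certificate, the following added example (not part of the original post) compares the SHA-256 fingerprint of the certificate on disk with the one each service presents. The endpoint names and ports, and the use of implicit-TLS ports rather than STARTTLS, are assumptions; DOMAINNAME is the post's own placeholder.

```python
import hashlib
import ssl

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

# Assumptions for illustration: DOMAINNAME is the post's placeholder, and both
# services listen on implicit-TLS ports (STARTTLS ports are not handled here).
CERT_PATH = "/etc/letsencrypt/live/DOMAINNAME/cert.pem"
ENDPOINTS = {"dovecot": ("localhost", 993), "postfix": ("localhost", 465)}


def fingerprint(pem_text):
    """SHA-256 hex digest of the first certificate in a PEM string."""
    start = pem_text.index(HEADER)  # ValueError if no certificate present
    end = pem_text.index(FOOTER, start) + len(FOOTER)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def stale_services(cert_pem, endpoints, fetch=ssl.get_server_certificate):
    """Return the names of endpoints that do not present cert_pem's leaf."""
    want = fingerprint(cert_pem)
    stale = []
    for name, addr in endpoints.items():
        try:
            served = fingerprint(fetch(addr))
        except (OSError, ValueError):
            served = None  # unreachable or unparsable counts as stale
        if served != want:
            stale.append(name)
    return stale


if __name__ == "__main__":
    with open(CERT_PATH) as fh:
        stale = stale_services(fh.read(), ENDPOINTS)
    for name in stale:
        print(f"{name}: still serving a different certificate")
    raise SystemExit(1 if stale else 0)
```

Run it a little after a renewal (later than the 10-second delay in the unit); a non-zero exit status means at least one service is still serving the old certificate.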