Yes, that is right, and that is right for
Yes, that is correct, and the same for
Keep in mind,
--renew-hook is a hidden option since certbot version 0.19 because they deployed a new param called
--deploy-hook and this is the one you should use. Both params are doing the “same”, but the main difference is that
--renew-hook is only called on renewals and
--deploy-hook is called not only on renwals but on new issued certs too.
An example, you want to get a certificate for your new domain
superdomain.tld and execute this command
/etc/init.d/httpd graceful automatically,
If you execute this command:
certbot-auto certonly -a webroot -w /path/to/webroot -d superdomain.tld --staging --renew-hook "/etc/init.d/httpd graceful"
You will get your certificate but
/etc/init.d/httpd graceful command won’t be executed when issuing the cert but it will do in the next renewal.
If you use this command:
certbot-auto certonly -a webroot -w /path/to/webroot -d superdomain.tld --staging --deploy-hook "/etc/init.d/httpd graceful"
You will get your certificate AND
/etc/init.d/httpd graceful command will be executed when issuing the cert and in the next renewal it will be executed too.
Edit: I forgot to say that you can use several commands on
--deploy-hook if you want:
--deploy-hook "/etc/init.d/httpd graceful ; touch /etc/letsencrypt/renewed"