Automatically manage certificates

After discussing my shell script with some bash gurus on IRC, I've made a better script that should run anywhere POSIX shells are available.

```sh
#!/bin/sh

# NOTE: This script was made to work with certbot. I don't guarantee it will
#       work with other ACME clients.
#
#       This was tested in Ubuntu 20.04. This should work as it is on
#       Debian/Ubuntu based distros. For other distros please check Certbot
#       documentation.
#
#       Place this script inside /etc/letsencrypt/renewal-hooks/deploy/ and
#       name it `deploy_irc'
#
#       Make the script executable with:
#
#           chmod +x /etc/letsencrypt/renewal-hooks/deploy/deploy_irc
#
#       Edit the subdomain, user and paths to fit your setup.
#       Enjoy!

# What's your subdomain?
subdomain=irc.domain.tld

# What is the shell user running UnrealIRCd?
user=ircd

# What is the shell group of the user running UnrealIRCd?
# Usually it's the same as the user specified above.
# You shouldn't have to edit this unless you've added the user to another group
group=$user

# Path to UnrealIRCd executable folder
# Usually "/home/<user>/unrealircd/" when installed normally
execdir=/home/$user/unrealircd

# Path to the UnrealIRCd tls folder
# Usually `/home/<user>/unrealircd/conf/tls' when installed normally
# You shouldn't have to edit this unless you've customised your installation
tlsdir=$execdir/conf/tls

# Don't edit anything below unless you know exactly what you're doing.
# If you touch the code below and then complain the script "suddenly stopped working" I'll touch you at night.

# certbot sets RENEWED_LINEAGE to the live directory of the certificate that
# was just renewed; only act when it is the one for $subdomain.
case $RENEWED_LINEAGE in
    */"$subdomain")
        cp -f -- "$RENEWED_LINEAGE"/fullchain.pem "$RENEWED_LINEAGE"/privkey.pem "$tlsdir" &&
        chown -- "$user":"$group" "$tlsdir"/fullchain.pem "$tlsdir"/privkey.pem &&
        "$execdir"/unrealircd reloadtls &&
        "$execdir"/unrealircd rehash
        ;;
esac
```

GitHub gist

Hope this helps anyone else. :grinning:

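An added example, not part of the original post: the same lineage check wrapped in functions, with each file copied through a temporary file created under umask 077 so that privkey.pem in the tls folder is replaced in a single rename and stays mode 0600. The function names are hypothetical, the reloadtls/rehash step is left out, and it assumes `mktemp` is available (common, but not required by POSIX).

```sh
#!/bin/sh
# Added example (hypothetical helper names, not the original post's script).

# Succeeds only when the lineage directory $1 is named exactly $2.
lineage_matches() {
    case ${1%/} in
        */"$2") return 0 ;;
        *)      return 1 ;;
    esac
}

# Copy $1 to $2/<basename> through a temp file in the same directory, so the
# destination is swapped in by one rename and is never group/world readable.
install_private() {
    src=$1 destdir=$2
    dest=$destdir/${src##*/}
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "$destdir/.deploy.XXXXXX") || { umask "$old_umask"; return 1; }
    if cat -- "$src" > "$tmp" && chmod 600 "$tmp" && mv -f -- "$tmp" "$dest"; then
        umask "$old_umask"
        return 0
    fi
    rm -f -- "$tmp"
    umask "$old_umask"
    return 1
}

# Deploy both files for one lineage. Returns 2 when the lineage belongs to a
# different certificate, 1 on a copy/chown failure, 0 on success.
deploy_lineage() {
    lineage=$1 subdomain=$2 tlsdir=$3 owner=$4
    lineage_matches "$lineage" "$subdomain" || return 2
    for f in fullchain.pem privkey.pem; do
        install_private "$lineage/$f" "$tlsdir" || return 1
        # chown needs root: certbot hooks run as root, a dry run may not.
        if [ "$(id -u)" -eq 0 ]; then
            chown -- "$owner" "$tlsdir/$f" || return 1
        fi
    done
}
```

In a deploy hook this would be called as `deploy_lineage "$RENEWED_LINEAGE" "$subdomain" "$tlsdir" "$user:$group"`, followed by the reload commands from the script above.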