I’ve successfully installed the packaged certbot on Debian, obtained some certificates using “certonly” subcommand and “webroot” authentication and configured apache to use them; now I want to automate the renewal process.
I’ve saw in documentation that certbot offer three type of hook, and the renewal hook looks the right one in which reload apache. Unfortunately this hook (and the other too) is not persisted aside the renewal settings, so the only way to specify it is on the command line.
The packaged version of certbot ships with a cron entry, which is located in /etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot && perl -e 'sleep int(rand(3600))' && certbot -q renew
This configuration ensure that certificates are automatically renewed, but the web server is never reloaded!!!
I want to ask what is the intended way to automatically renew certificate and reload the web server: should I edit the cron entry directly? What happen where a future version of the certbot package ships with a different cron configuration? (This has already happened with version 0.8.1-2, see the channgelog).
Is there a way to reload apache (or any other server using the certificates) after a renewal without manually edit the default cron entry?
Thanks