There are several: the global one is /etc/letsencrypt/cli.ini
and there's one per existing certificate in /etc/letsencrypt/renewal/
(though those are overwritten when you renew with specific options). You can also place renewal hook scripts in the directories under /etc/letsencrypt/renewal-hooks/
.
If systemd is present, service
seems to act as a backward-compatible wrapper around systemctl
. So it should be possible.
However, if systemd is present, the cron entry installed by the certbot package is ignored in favour of the systemd timer, so modifying it won't do any good.
It would be better to update the renewal configuration file(s), as that works no matter which scheduling method is used.
The recommended way to do that is to run certbot again with the correct options so that they get saved automatically to the per-certificate renewal config files. For example:
sudo certbot renew --force-renewal --deploy-hook "service postfix reload; service dovecot reload"
The --force-renewal
option is needed to force it to renew immediately so that it will save the new configuration (normally it skips certificates that aren't close to expiry), and --deploy-hook
is slightly better than --post-hook
here because it only runs after a successful renewal. If you have multiple certificates you should add the --cert-name
option to tell certbot which one you want to update.