Hi @own3mall,
The first time no, as far as I know certbot doesn't provide any hook when issuing the cert for the first time but it provides a hook --deploy-hook
that will be triggered on renewals and you could use it to execute an script to perform the needed tasks.
Following your example, the deploy script could be something like this:
#!/bin/sh
cat ${RENEWED_LINEAGE}/privkey.pem ${RENEWED_LINEAGE}/fullchain.pem > ${RENEWED_LINEAGE}/courier.pem && /usr/sbin/service courier-pop-ssl restart && echo /usr/sbin/service courier-imap-ssl restart
We save this script in for example /etc/letsencrypt/courier.sh
(remember to give execution perms)
chmod 750 /etc/letsencrypt/courier.sh
Then, the next time you issue a new cert, you use the certbot certonly -a webroot or whatever are the options and you add --deploy-hook "/etc/letsencrypt/courier.sh"
so next time this cert would be renewed it will execute the script.
If you already want to do this for existing certs:
Option 1, the script will be executed when any of your cert is renewed:
1.- Copy the script to /etc/letsencrypt/renewal-hooks/deploy/
or
2.- If you have a cron job issuing the command certbot renew, just edit that cron job and add the deploy hook param... certbot renew --deploy-hook "/etc/letsencrypt/courier.sh"
Option 2, the deploy hook will be used only in specified certs.
1.- Renew and exixting cert appending the deploy hook param, if the cert is not close to expire maybe you want to force the renewal (you should not use this option).
certbot renew --cert-name herethecertnameforthedomainyouwanttorenew --deploy-hook "/etc/letsencrypt/courier.sh" --force-renewal
or
2.- Edit the renewal conf file for your domain /etc/letsencrypt/renewal/yourdomain.conf
and append the deploy hook directive (in this file its name is renew-hook
) to the section [renewalparams]
[renewalparams]
other options
renew_hook = /etc/letsencrypt/courier.sh
So you have options... the first time you should create the courier.pem by "hand" but in next renewals this will be automatic.
I hope this helps.
Cheers,
sahsanu