RedHat 8.5
vsftpd-3.0.3-34.el8.x86_64
certbot 1.28.0
certbot-renewal.service shows:-
ExecStart=/usr/bin/certbot renew --post-hook systemctl restart vsftpd (code=exited, status=0/SUCCESS)
but vsftpd service wasn't restarted.
letsencrypt.log for the renewal shows:-
-----END CERTIFICATE-----
2022-05-09 20:05:15,614:DEBUG:acme.client:Storing nonce: 0102-qgV2d6GFzyavgSP61f88vCthK3RMQ2-1kWyvQw4WGI
2022-05-09 20:05:15,616:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/REDACTED/privkey2.pem.
2022-05-09 20:05:15,616:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/REDACTED/cert2.pem.
2022-05-09 20:05:15,616:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/REDACTED/chain2.pem.
2022-05-09 20:05:15,616:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/REDACTED/fullchain2.pem.
2022-05-09 20:05:15,630:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/REDACTED.conf.new.
2022-05-09 20:05:15,632:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2022-05-09 20:05:15,632:DEBUG:certbot._internal.display.obj:Notifying user:
2022-05-09 20:05:15,632:DEBUG:certbot._internal.display.obj:Notifying user: Congratulations, all renewals succeeded:
2022-05-09 20:05:15,632:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/live/REDACTED/fullchain.pem (success)
2022-05-09 20:05:15,633:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-05-09 20:05:15,633:DEBUG:certbot._internal.renewal:no renewal failures
########
FOR COMPARISON, when configured to restart postfix instead of vsftpd the post hook runs as expected:-
-----END CERTIFICATE-----
2022-05-13 10:42:59,235:DEBUG:acme.client:Storing nonce: 0101MPketGIYdcaEtevTGG70XDD0K43xAJuW_iYYF2dBOo4
2022-05-13 10:42:59,236:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/REDACTED/privkey6.pem.
2022-05-13 10:42:59,236:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/REDACTED/cert6.pem.
2022-05-13 10:42:59,237:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/REDACTED/chain6.pem.
2022-05-13 10:42:59,237:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/REDACTED/fullchain6.pem.
2022-05-13 10:42:59,246:DEBUG:certbot._internal.cli:Var post_hook=systemctl restart postfix (set by user).
2022-05-13 10:42:59,247:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/REDACTED.conf.new.
2022-05-13 10:42:59,248:DEBUG:certbot.display.util:Notifying user: new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/REDACTED/fullchain.pem
2022-05-13 10:42:59,249:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2022-05-13 10:42:59,250:DEBUG:certbot.display.util:Notifying user:
2022-05-13 10:42:59,250:DEBUG:certbot.display.util:Notifying user: Congratulations, all renewals succeeded:
2022-05-13 10:42:59,250:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/live/REDACTED/fullchain.pem (success)
2022-05-13 10:42:59,250:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-05-13 10:42:59,250:DEBUG:certbot._internal.renewal:no renewal failures
2022-05-13 10:42:59,250:INFO:certbot.compat.misc:Running post-hook command: systemctl restart postfix
so the post hook calls can be seen in the logs when configured to restart postfix, but not when configured to restart vsftpd
what's going on?