Certbot - reload specific service when specific domain is renewed


#1

Hi, I have a problem like in the title. How can I reload my service only if a specific domain is renewed with certbot?

E.g.
If imap.domain.com is renewed, I wish to reload the imap service;
for smtp.domain.com, reload the smtpd daemon;
for domain.com and www.domain.com, reload the http(s) service.

Can I use --renew-hook in the renewal config (/etc/letsencrypt/renewal/imap.domain.com.conf) to restart a specific service?

I hope I explained my problem clearly and you can understand it.
I’m not a native speaker and don’t know English very well, so sorry for my English.


#2

I think that’s not possible, but @schoen can say for sure.


#3

There’s no way to specify a per-domain renew hook. However, the script you provide has access to the $RENEWED_DOMAINS variable, which will contain a list of renewed domains. Your bash script could use this variable in an if (or case) statement and restart the relevant service depending on the value.

Here’s the full documentation for --renew-hook where this is mentioned:

--renew-hook RENEW_HOOK
             Command to be run in a shell once for each
             successfully renewed certificate. For this command, the
             shell variable $RENEWED_LINEAGE will point to
             the config live subdirectory containing the new certs
             and keys; the shell variable $RENEWED_DOMAINS will
             contain a space-delimited list of renewed cert domains

#4

Thank you for your answer. I suspected that it could only be done with a bash script. Can you show me a simple example of how to use this variable in my own script, because I’m new to bash scripting?


#5

@szakal, it might look something like

for domain in $RENEWED_DOMAINS
do
    if [ "$domain" = relevant-domain.example.com ]
    then
        echo "Performing the reload action"
        # Command(s) to actually perform the reload action should be placed here
    fi
done

If you want to put various actions in the same script, there is also elif, like

for domain in $RENEWED_DOMAINS
do
    if [ "$domain" = first.example.com ]
    then
        echo "Performing the first action"
        # Command(s) to actually perform the first action should be placed here
    elif [ "$domain" = second.example.com ]
    then
        echo "Performing the second action"
        # Command(s) to actually perform the second action should be placed here
    fi
done

You can add more elif blocks like this to handle more cases. There are also potential ways to avoid reloading twice when you renew domain.com and www.domain.com, but the most correct ones probably entail learning more shell scripting. :)
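
Building on the loops above, an added example (not written by any poster in this thread) of a hook script that maps each renewed domain to a service and reloads each service only once, which covers the domain.com / www.domain.com case. The service names dovecot, postfix and nginx and the use of systemctl are assumptions; the domain names are the ones from the question.

```shell
#!/bin/sh
# Added example: Certbot renew hook that reloads each affected service once.
# Assumed service names (not from the thread): dovecot, postfix, nginx.

# Map one domain name to the service that uses its certificate.
service_for_domain() {
    case "$1" in
        imap.domain.com)            echo dovecot ;;
        smtp.domain.com)            echo postfix ;;
        domain.com|www.domain.com)  echo nginx ;;
        *)                          return 0 ;;  # unknown name: nothing to reload
    esac
}

# Print the unique services for a space-delimited domain list, one per line.
services_to_reload() {
    (
        set -f   # no glob expansion while splitting, e.g. for "*.domain.com"
        seen=""
        for domain in $1; do
            svc=$(service_for_domain "$domain")
            [ -n "$svc" ] || continue
            case " $seen " in
                *" $svc "*) ;;                       # already queued
                *) seen="$seen $svc"; echo "$svc" ;;
            esac
        done
    )
}

# Certbot sets RENEWED_DOMAINS when it runs the hook; do nothing otherwise.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    for svc in $(services_to_reload "$RENEWED_DOMAINS"); do
        echo "Reloading $svc after renewal of: $RENEWED_DOMAINS"
        systemctl reload "$svc" || echo "reload of $svc failed" >&2
    done
fi
```

Save it as an executable script and pass its path to --renew-hook.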


#6

@schoen thank you so much. I wasn’t sure how it should look. I could test many options, but it’s hard to test when I can’t update my cert when I wann


#7

@szakal, I’m glad that’s helpful to you. In a future version of Certbot, there will also be a way to specify a particular certificate to renew with certbot renew (instead of renewing all of them that are near expiry), which will be useful for testing things like this.

