Does Apache need to be reloaded after every renewal?

I’ve set up a bunch Let’s Encrypt certificates for my web hosting clients using certonly --webroot. I have a certbot renew cron job that runs weekly.

After an automatic renewal is run, is it necessary that I reload the Apache config each time? Because I noticed that one client was getting “this site isn’t secure” message from their browser when visiting their website, and I was, too. When I checked their certificate via certbot certificates I could see that their certificate was valid for 61 more days. But after reloading the Apache config (httpd -t), it cleared up and is working fine now without having changed anything else.

I’m running Apache 2.4.6 on a CentOS 7.7 server with Certbot 1.3.0. I have root access to my server and don’t use a control panel.


1 Like

Yes, but only when the cert is actually renewed (not on every renewal check).
You can use a post validation trigger to run your apache reload script.
Look at the --deploy-hook option,


you should add --deploy-hook "systemctl reload httpd" or something similar to your cronjob. (ideally, you should only run it once for the right certificate – but it’s not an issue if you only have one certificate)

(running your job weekly is not enough, you should go for daily)


Depending on how Certbot was installed, there may already be a systemd timer or cron job running at random times once or twice a day.

You can also drop a script in /etc/letsencrypt/renewal-hooks/deploy/.


What kind of script would I add systemctl reload httpd.service to and then place in the /etc/letsencrypt/renewal-hooks/deploy/ folder? That’s essentially what I need to do if a certificate has been renewed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.