Doest certbot automaticly reload nginx on successful renew?

I installed certbot on ubuntu 16.04 from ppa. Version: 0.17.0.

I obtained a cert with certbot --nginx so /etc/letsencrypt/renewal/mydomain.com contains the following

...
[renewalparams]
authenticator = nginx
installer = nginx
account = ...
...

I wonder should I add --deploy-hook /cmd/to/reload/nginx to certbot renew or is it done automaticly?

From CertBot User Guide: https://certbot.eff.org/docs/using.html

If you want your hook to run only after a successful renewal, use --renew-hook in a command like this.

certbot renew --renew-hook /path/to/renew-hook-script

Sry but

  • I’ve already read into the docs (–renew-hook is replaced with --deploy-hook in the recent code)
  • I’ve looked into the code

and I’m still not sure: if installer.restart() happens on renewal automaticly or not.

My recollection is yes, but let me double-check.

Someone else confirmed my recollection, so evidently you won’t need to use the --deploy-hook for this specific purpose with the nginx plugin. (Probably most nginx-related suggestions to use hooks were inspired by --webroot, which used to be recommended for nginx users before the Certbot nginx plugin was working. Since the webroot plugin doesn’t include an installer, it doesn’t have a built-in mechanism to restart the web server upon deployment.)

If anyone has any contrary experience, please let us know and we can try to fix or document this.

Thanks for clarification. It should definitely be outlined in docs.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.