As the packaged version of letsencrypt for Ubuntu is apparently stuck at a version that doesn’t have the --post-hook option, I have created the following shell script to enable certificates to be automatically renewed in a cron job:
#!/bin/sh
set -e
old=`/usr/bin/stat --format='%i:%N:%s:%W:%Y' /etc/letsencrypt/live/*/*`
/usr/bin/letsencrypt renew >/dev/null
new=`/usr/bin/stat --format='%i:%N:%s:%W:%Y' /etc/letsencrypt/live/*/*`
if [ "$old" != "$new" ]; then
for service in nginx dovecot postfix; do
/bin/systemctl -q is-active "$service" && \
/bin/systemctl -q reload "$service"
done
fi
I thought this might be helpful for other people, or indeed others might have feedback regarding this method. (Obviously, the list of services to be reloaded when a certificate has been renewed will vary depending on what services are being used.)