I run ACME on centos. The renewal works. What I need is how to force reload for postfix and centos immediately after the new certificates are created. Nginx doesn’t seem to be a problem, but I suppose it should be reloaded as well.
Can you link to the project for “ACME”? Might you mean Certbot? Or acme.sh? Or acmetool?
Generally this can be done with hooks, which are supported by most ACME clients.
Sorry about the lack of precision. It is acme.sh as found at https://github.com/Neilpang/acme.sh
This should be what you’re after: https://github.com/Neilpang/acme.sh/wiki/Using-’--pre-hook’,-’--post-hook’,-’--renew-hook’-and-’--reload-cmd’
So an example hook might be:
systemctl reload nginx; systemctl reload postfix; systemctl reload dovecot;
That should work. Thanks. Now to find where I run that script, but that is my problem.
Can the moderator change acme to acme.sh in the subject line? That would make the thread more useful.
It took me some time to find the file locations. I have a file for each domain located in /root/.acme.sh/. Doing a minimum of sanitizing (i.e. using mydomain.com), here is /root/.acme.sh/mydomain.com/mydomain.com.conf:
Le_Domain='mydomain.com'
Le_Alt='www.mydomain.com'
Le_Webroot='dns_dgon'
Le_PreHook=''
Le_PostHook=''
Le_RenewHook=''
Le_API='https://acme-v01.api.letsencrypt.com/directory'
Le_Keylength=''
Le_LinkCert='https://acme-v01.api.letsencrypt.com/acme/cert/somelonghash'
Le_LinkIssuer='https://acme-v01.api.letsencrypt.com/acme/issuer-cert'
Le_CertCreateTime='1549932260'
Le_CertCreateTimeStr='Tue Feb 12 00:44:20 UTC 2019'
Le_NextRenewTimeStr='Sat Apr 13 00:44:20 UTC 2019'
Le_NextRenewTime='1555029860'
Le_RealCertPath=''
Le_RealCACertPath=''
Le_RealKeyPath='/root/certs/mydomain.com/mydomain.com.key'
Le_ReloadCmd='service nginx force-reload'
Le_RealFullChainPath='/root/certs/mydomain.com/fullchain.cer'
So I’m assuming I would add the following lines:
Le_ReloadCmd='systemctl reload postfix'
Le_ReloadCmd='systemctl reload dovecot'
I’m probably using an abundance of caution, but certs are tricky and doing it wrong breaks everything!
How does this look?
Hmmm. I don’t know if acme.sh can handle separate declarations of the same variable like that - aren’t they just shell variables that would overwrite each other?
Maybe just chain the commands together into a single line like I did in my earlier post?
Sure. Just replace the service nginx line with
Le_ReloadCmd='systemctl reload nginx;systemctl reload postfix;systemctl reload dovecot'
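Added example, not part of any post in the thread and not acme.sh's own code: it compares the repeated Le_ReloadCmd lines proposed above with the single chained value. It assumes the conf file is read as shell variable assignments, as the reply above suspects; the sample files and the three helper functions are constructed for illustration, and nothing is reloaded.

```shell
#!/bin/sh
# Constructed sample files; the domain and values mirror the thread.
SAMPLE_DIR=$(mktemp -d)
DUP_CONF="$SAMPLE_DIR/duplicated.conf"
CHAINED_CONF="$SAMPLE_DIR/chained.conf"

cat > "$DUP_CONF" <<'EOF'
Le_Domain='mydomain.com'
Le_ReloadCmd='service nginx force-reload'
Le_ReloadCmd='systemctl reload postfix'
Le_ReloadCmd='systemctl reload dovecot'
EOF

cat > "$CHAINED_CONF" <<'EOF'
Le_Domain='mydomain.com'
Le_ReloadCmd='systemctl reload nginx;systemctl reload postfix;systemctl reload dovecot'
EOF

# Value of Le_ReloadCmd left after the file is read as shell assignments
# (an assumption about how the file is consumed). Runs in a subshell so
# the sample variables do not leak into the caller.
effective_reload_cmd() {
  ( . "$1" && printf '%s' "$Le_ReloadCmd" )
}

# Number of times the key is assigned; anything above 1 means the
# earlier values are silently discarded.
count_reload_assignments() {
  grep -c '^Le_ReloadCmd=' "$1"
}

# Space-separated services named in "systemctl reload X" segments of a
# ';'-chained command string. Parsing only; nothing is executed.
reloaded_services() {
  printf '%s\n' "$1" | tr ';' '\n' |
    sed -n 's/^ *systemctl reload \([A-Za-z0-9_.-]*\) *$/\1/p' |
    tr '\n' ' ' | sed 's/ $//'
}

for conf in "$DUP_CONF" "$CHAINED_CONF"; do
  cmd=$(effective_reload_cmd "$conf")
  printf '%s: %s assignment(s), reloads: %s\n' "${conf##*/}" \
    "$(count_reload_assignments "$conf")" "$(reloaded_services "$cmd")"
done
```

With `;` as the separator each reload runs even if the previous one failed, and the exit status of the whole string is that of the last command, so a failed nginx or postfix reload goes unreported unless the services are checked afterwards.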