If you’re running a recent enough version of certbot, just drop your before script in
/etc/letsencrypt/renewal-hooks/pre and your after script in
(If these two directories exist on your system then they’ll work. If they’re not there, it’s too old.)
If you’re running an older version of certbot, you have to instruct certbot to run the hooks when issuing the certificate, e.g.:
certbot certonly --standalone -d domain1.com,www.domain1.com --pre-hook /usr/local/bin/certbot-pre.sh --post-hook /usr/local/bin/certbot-post.sh
certbot certonly --standalone -d domain2.com,www.domain2.com --pre-hook /usr/local/bin/certbot-pre.sh --post-hook /usr/local/bin/certbot-post.sh
Even though you have to define it for every certificate you want it to run for, certbot will only call it once as long as the commands are identical.