Is renew_hook run after each certificate renewal if more than one renewal?

In a bunch of LE .conf files for my domain certificates I noticed this line:

renew_hook = systemctl reload httpd.service

I guess that’s because I set up the CRON job that renews my certificates like this:

certbot renew --deploy-hook "systemctl reload httpd.service"

I have over 150 certificates for client websites on one server. Does this mean that if 10 of those certificates renew on the same day, it will restart Apache 10 times, once after each certificate renewal? Or only once after all renewals are done?

I also noticed that some of the LE domain .conf files don’t have the renew_hook line at all. Why do some have it, but some don’t?


My web server is (include version): Apache 2.4.6
The operating system my web server runs on is (include version): CentOS 7.8
I can login to a root shell on my machine: Yes
I’m using a control panel to manage my site: No
The version of my client is: 1.7.0

1 Like

Yes, though it’s not a restart, it’s a graceful reload. Traffic isn’t interrupted.

To do it only once, you should use --post-hook rather than --deploy-hook.

Even if you had 150 certificates all with --post-hook "systemctl reload apache2", it would only do it once, at the very end. It’s de-duplicating that way.

You can also drop an executable script in /etc/letsencrypt/renewal-hooks/post with the same effect.

If a --deploy-hook wasn’t configured, the line is omitted.

2 Likes

Thank you, I'll change --deploy-hook to --post-hook in my CRON command.

Is there a way to remove all the renew_hook lines from the domain conf files, or do I need to edit each one manually?

1 Like

No, there's nothing to make that easier. I think you'll have to do it yourself with sed or something.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.