I would start with improving the overall renewal checking experience with:
- using the
--deploy-hook (only when the cert changes) to restart those things that weren't stopped
- look for a way to use
nginx instead of having to stop it
(to check if a cert needs to be renewed) on each renewal.
[<1% of regularly scheduled checks require a renewal]
So, at a bare minimum (improvement), you could do all three:
/usr/bin/certbot renew \
--pre-hook "service nginx stop" \
--post-hook "service nginx start" \
--deploy-hook "service dovecot restart"
For multiple commands... I would think so.
EDIT (for clarity/completeness): You can either put the scripts in the directory (which will always run) or call the scripts directly from the hooks in the command line (on a one-by-one basis - different cert renewals may require different things to be restarted).
OR maybe try with " && " instead of just ";;" as a separator.
Not sure as I don't normally use pre/post hooks.
READERS: Get involved and participate: If you read something you like, then click to like it