Pre & post-hook question

I'm using certbot on my mail server, and I need to stop nginx before updating the cert and I need to restart it after updating the cert but I also need to restart dovecot.

Is it possible to do something like this:
/usr/bin/certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start;;service dovecot restart"

Or do I need to use the pre and post directories and put scripts into them
to do the stops/starts/restarts?


I would start with improving the overall renewal checking experience with:

  • using the --deploy-hook (only when the cert changes) to restart those things that weren't stopped
    [like Dovecot]
  • look for a way to use nginx instead of having to stop it (to check if a cert needs to be renewed) on each renewal.
    [<1% of regularly scheduled checks require a renewal]

So, at a bare minimum (improvement), you could do all three:

/usr/bin/certbot renew \
--pre-hook "service nginx stop" \
--post-hook "service nginx start" \
--deploy-hook "service dovecot restart"

For multiple commands... I would think so.
EDIT (for clarity/completeness): You can either put the scripts in the directory (which will always run) or call the scripts directly from the hooks in the command line (on a one-by-one basis - different cert renewals may require different things to be restarted).
OR maybe try with " && " instead of just ";;" as a separator.
Not sure as I don't normally use pre/post hooks.

READERS: Get involved and participate: If you read something you like, then click to like it :heart:


A couple of things to add:

  • The --pre-hook won't run unless a renewal is actually going to happen.
  • I can confirm for you that you can list multiple commands in a --pre-hook like that. This is because the hook is run inside a shell.

Possible citation needed there.
Was it that way always, or did it change to this way with version x.y.zz?


Yes, it's been the case since the original implementation of hooks (0.5.0).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.