Should I just add pre/post-hooks to systemd service?

I am on Ubuntu 18.04 and certbot 0.31.0. I have a number of domains that are attached to a single Apache/2.4.29 instance.

Just now, to renew I had to stop Apache, renew and start Apache. I don’t remember doing this in the past, but no matter. I need to automate this.

Is the correct way to add a pre-hook to restart Apache to the renewal conf files or to the systemd service?

The service currently just runs certbot -q renew

Example renewal file has:

# Options used in the renewal process
account = SNIP
authenticator = standalone
server =


Hi @noirmaru,

Is it possible that you didn't use --standalone for some of the earlier domains that you set up, but then did use it for a more recent one? The need to stop and restart Apache is typically specific to the --standalone method, and doesn't apply, for example, if you use the --apache method.


Yeah. It looks like I have one on apache and two on standalone.

Somewhat frustratingly, I can no longer generate the error, though I doubt that it is resolved. Neither --dry-run nor --force-renewal has any issues with the untouched config and Apache running, now that they have been renewed with Apache stopped for a single run of certbot…

You could try just editing that file to change authenticator = standalone to authenticator = apache, which might completely obviate the need to stop Apache before renewals in the future.

No errors with apache in the renewal conf with either --dry-run or --force-renewal.

I guess it is just fingers crossed that it works automatically three months from now?

Did your --force-renew command have any effect? (Since you may not have an installer alongside your authenticator, you might not notice the renewal on the live site until your web server is restarted, but you should be able to notice it with certbot certificates.)

Yeah, the force renew works as expected.

I added apache as the installer as well as authenticator to my conf files, to match the one I already had with apache listed.
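
As an added example (not part of the thread and not certbot's own code): a small shell audit for the mixed setup discussed above, reporting which lineages still renew with the standalone authenticator and have no pre_hook recorded in their renewal conf. The function names and the sample files are constructed for illustration; /etc/letsencrypt/renewal is certbot's default renewal directory and pre_hook/post_hook are the keys certbot writes under [renewalparams].

```shell
#!/bin/sh
# Added example (not from the thread): report which certbot lineages still
# renew with the standalone authenticator and have no pre_hook recorded.
# Standalone binds port 80 itself, so it fails while Apache is listening.

# get_param FILE KEY: print the value of the last "KEY = value" line.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# classify_conf FILE: print the authenticator, marking unhooked standalone.
classify_conf() {
    auth=$(get_param "$1" authenticator)
    pre=$(get_param "$1" pre_hook)
    if [ "$auth" != "standalone" ]; then
        echo "${auth:-unknown}"
    elif [ -n "$pre" ]; then
        echo "standalone+pre_hook"
    else
        echo "standalone-NO-pre_hook"
    fi
}

# audit_renewal_dir [DIR]: one "lineage<TAB>status" line per conf file.
# Returns 1 if any lineage is standalone without a pre_hook in its conf.
# Hook scripts under renewal-hooks/pre/ are not examined here.
audit_renewal_dir() {
    audit_rc=0
    for conf in "${1:-/etc/letsencrypt/renewal}"/*.conf; do
        [ -e "$conf" ] || continue
        status=$(classify_conf "$conf")
        printf '%s\t%s\n' "$(basename "$conf" .conf)" "$status"
        if [ "$status" = "standalone-NO-pre_hook" ]; then audit_rc=1; fi
    done
    return "$audit_rc"
}

# make_sample_dir: constructed renewal files (one apache lineage, one
# unhooked standalone, one standalone with hooks); names are placeholders.
make_sample_dir() {
    d=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = apache\ninstaller = apache\n' > "$d/a.example.conf"
    printf '[renewalparams]\nauthenticator = standalone\n' > "$d/b.example.conf"
    printf '[renewalparams]\nauthenticator = standalone\npre_hook = systemctl stop apache2\npost_hook = systemctl start apache2\n' > "$d/c.example.conf"
    echo "$d"
}
```

Source the file and call audit_renewal_dir with no argument to check the default directory; the non-zero return makes it usable as a monitoring check ahead of the next scheduled renewal.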
