Letsencrypt: restart service using systemd

If, for some reason, certbot's --renew-hook argument is not an option, you can use systemd to automatically restart any service whenever a certificate is renewed.

You need two files:

/etc/systemd/system/cerbot-watch@.service

[Unit]
Description=Certbot service restarter
After=network.target

[Service]
Type=oneshot
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/systemctl restart %i.service

[Install]
WantedBy=multi-user.target

/etc/systemd/system/cerbot-watch@.path

[Path]
PathModified=/etc/letsencrypt/live/
PathModified=/etc/letsencrypt/live/DOMAINNAME/
# Add one entry here for every certificate that should be monitored

[Install]
WantedBy=multi-user.target

After changing these files, execute systemctl daemon-reload to notify systemd of the changes. Now you can start a "restart trigger" for each service you want to:

$ sudo systemctl start certbot-watch@postfix.path
$ sudo systemctl start certbot-watch@dovecot.path

The "sleep 10" argument in ExecStartPre ensures that the restart is triggered only once even if multiple files where changed.