Letsencrypt: restart service using systemd
Thursday, 19 December 2019
If, for some reason, certbot's --renew-hook argument is not an option, you can use systemd to automatically restart any service whenever a certificate is renewed.
You need two files:
/etc/systemd/system/cerbot-watch@.service
[Unit]
Description=Certbot service restarter
After=network.target
[Service]
Type=oneshot
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/systemctl restart %i.service
[Install]
WantedBy=multi-user.target
/etc/systemd/system/cerbot-watch@.path
[Path]
PathModified=/etc/letsencrypt/live/
PathModified=/etc/letsencrypt/live/DOMAINNAME/
# Add one entry here for every certificate that should be monitored
[Install]
WantedBy=multi-user.target
After changing these files, execute systemctl daemon-reload to notify systemd of the changes. Now you can start a "restart trigger" for each service you want to:
$ sudo systemctl start certbot-watch@postfix.path $ sudo systemctl start certbot-watch@dovecot.path
The "sleep 10" argument in ExecStartPre ensures that the restart is triggered only once even if multiple files where changed.