Letsencrypt: restart service using systemd
Thursday, 19 December 2019
If, for some reason, certbot's --renew-hook argument is not an option, you can use systemd to automatically restart any service whenever a certificate is renewed.
You need two files:
[Unit] Description=Certbot service restarter After=network.target [Service] Type=oneshot ExecStartPre=/bin/sleep 10 ExecStart=/usr/bin/systemctl restart %i.service [Install] WantedBy=multi-user.target
[Path] PathModified=/etc/letsencrypt/live/ PathModified=/etc/letsencrypt/live/DOMAINNAME/ # Add one entry here for every certificate that should be monitored [Install] WantedBy=multi-user.target
After changing these files, execute systemctl daemon-reload to notify systemd of the changes. Now you can start a "restart trigger" for each service you want to:
$ sudo systemctl start firstname.lastname@example.org $ sudo systemctl start email@example.com
The "sleep 10" argument in ExecStartPre ensures that the restart is triggered only once even if multiple files where changed.