On Fri, 9 Oct 2020, David Morsberger wrote:

> Both the renew hook and post hook are good candidates for our reload
> script.  Each has a downside however.  The post hook will be run after
> every renewal attempt, regardless of whether anything was actually renewed
> or not.  This will result in the services being reloaded many times for
> no reason.

An alternative to using certbot hooks is to use an inotify based tool
(available for most Linux based OS).  A certificate update triggers
a restart script.  For example,

        https://linux.die.net/man/5/incrontab

> The renew hook only runs if a certificate was successfully renewed, but
> it will be run once for each certificate.  This could mean reloading
> services multiple times if you have multiple certificates.  If you only
> have a single certificate however it'll work great.

For this case, I think you need a periodic (cron) process, rather than a
synchronous one, that will check certs and restart/reload once per
day/week/whatever.  This is the method I use, as my LE certificates are obtained
via DNS challenges on a different host.

Joseph Tam <jtam.h...@gmail.com>
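One way to build the periodic check described in this reply, as an added example that is not code from this thread, from certbot or from Dovecot: a cron-driven script that fingerprints the certificate files under a live directory (the certbot layout `<dir>/<name>/fullchain.pem` and `privkey.pem` is assumed), compares the digest with the one saved at the last reload, and reloads services at most once per run no matter how many certificates were renewed in between. The paths in the crontab comment, the `mail.example.test`/`imap.example.test` names and the file contents in the demo are constructed; `sha256sum` from GNU coreutils and POSIX `find`/`sort` are assumed.

```shell
#!/bin/sh
# Added example, not from the Dovecot thread, certbot or Dovecot: reload
# services from cron only when certificate material actually changed since
# the last successful reload. Assumes sha256sum (GNU coreutils) and POSIX
# find/sort; the certbot live/ layout is assumed for the file names.

# cert_fingerprint DIR
#   Prints one SHA-256 digest over the contents of every fullchain.pem and
#   privkey.pem below DIR, in a stable order. -L follows certbot's symlinks
#   into archive/, so a renewed certificate changes the digest.
cert_fingerprint() {
    find -L "$1" \( -name fullchain.pem -o -name privkey.pem \) -type f 2>/dev/null \
        | LC_ALL=C sort \
        | while IFS= read -r f; do cat "$f"; done \
        | sha256sum | cut -d' ' -f1
}

# certs_changed DIR STATEFILE
#   True (exit 0) when the current digest differs from the one in STATEFILE,
#   or when STATEFILE does not exist yet.
certs_changed() {
    cur=$(cert_fingerprint "$1")
    prev=$(cat "$2" 2>/dev/null || true)
    [ "$cur" != "$prev" ]
}

# reload_if_changed DIR STATEFILE CMD [ARG...]
#   Runs CMD once if the certificates changed, then records the new digest so
#   the next cron run is a no-op. Prints "reloaded" or "unchanged". The digest
#   is saved only when CMD succeeded, so a failed reload is retried next run.
reload_if_changed() {
    dir=$1; state=$2; shift 2
    [ -d "$dir" ] || { echo "reload_if_changed: no such directory: $dir" >&2; return 2; }
    if certs_changed "$dir" "$state"; then
        "$@" || return 1
        cert_fingerprint "$dir" > "$state"
        echo reloaded
    else
        echo unchanged
    fi
}

# demo: exercises the logic on a constructed certificate tree in a temp dir,
# with a "reload command" that only appends a line to a counter file.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/live/mail.example.test" "$tmp/live/imap.example.test"
    for n in mail imap; do
        printf 'constructed fullchain v1 for %s\n' "$n" > "$tmp/live/$n.example.test/fullchain.pem"
        printf 'constructed privkey v1 for %s\n' "$n" > "$tmp/live/$n.example.test/privkey.pem"
    done
    state=$tmp/last-reload.sha256
    counter=$tmp/reloads
    : > "$counter"
    echo "run 1: $(reload_if_changed "$tmp/live" "$state" sh -c "echo reload >> '$counter'")"  # reloaded
    echo "run 2: $(reload_if_changed "$tmp/live" "$state" sh -c "echo reload >> '$counter'")"  # unchanged
    # two certificates renewed between cron runs: still a single reload
    printf 'constructed fullchain v2 for mail\n' > "$tmp/live/mail.example.test/fullchain.pem"
    printf 'constructed fullchain v2 for imap\n' > "$tmp/live/imap.example.test/fullchain.pem"
    echo "run 3: $(reload_if_changed "$tmp/live" "$state" sh -c "echo reload >> '$counter'")"  # reloaded
    echo "reload commands executed: $(wc -l < "$counter" | tr -d ' ')"                        # 2
    rm -rf "$tmp"
}

# Real use (assumed paths), e.g. once a day from root's crontab:
#   17 4 * * * /usr/local/sbin/reload-if-cert-changed /etc/letsencrypt/live \
#       /var/lib/reload-if-cert-changed/last sh -c 'systemctl reload dovecot && systemctl reload postfix'
# With fewer than three arguments the script runs the demo instead.
if [ $# -ge 3 ]; then
    reload_if_changed "$@"
else
    demo
fi
```

Because the digest is written only after the reload command returned success, a reload that fails (for example a service that rejects a malformed key file) is retried on the next cron run instead of being silently forgotten; several services can be reloaded in one go by passing a single `sh -c '... && ...'` command, as in the crontab comment.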
