Systemd – How do I automatically reload a unit, when another oneshot service is fired by timer?

Alex Forbes asked:

I have two units, nginx.service and certbot.service, provided by their respective Debian packages:

nginx.service:

[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target

certbot.service:

[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

And a timer, certbot.timer (also provided by the certbot deb package):

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

These all work fine.

The problem is that I need to reload nginx when the timer fires, for nginx to see the new certificates (systemctl reload nginx).

I know I can do systemctl edit certbot.service, and add:

[Service]
ExecStartPost=/bin/systemctl reload nginx

In fact, this is what I’ve done, but it’s a kludge. Is there any way to achieve this with native systemd dependencies? The tricky thing is triggering reload only and not a full-blown restart.

My answer:


You can just add a deploy hook (not a post hook; you only need to do this if a cert is deployed) directly to the certbot configuration for your domain, in /etc/letsencrypt/renewal/example.com.conf.

In the [renewal] section, add a line like:

deploy_hook = systemctl reload nginx

That is all. You don’t need to do strange things to the systemd units.


View the full question and any other answers on Server Fault.
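
A deploy hook that goes one step beyond the one-line `systemctl reload nginx` from the answer, as an added example that is not part of the original post: it checks the renewed files and runs the same `nginx -t -q` test as the packaged nginx.service before reloading, so a bad config or incomplete renewal leaves the running instance untouched. The script path `/usr/local/sbin/reload-nginx-hook.sh` is an assumption; the `deploy_hook` line would point at it. The `NGINX` and `SYSTEMCTL` overrides are hypothetical test conveniences.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed path: /usr/local/sbin/reload-nginx-hook.sh, referenced as
#   deploy_hook = /usr/local/sbin/reload-nginx-hook.sh
# certbot exports RENEWED_LINEAGE (the live directory of the renewed
# certificate) to deploy hooks.

# Overridable so the logic can be exercised without root or nginx installed.
NGINX="${NGINX:-/usr/sbin/nginx}"
SYSTEMCTL="${SYSTEMCTL:-/bin/systemctl}"

reload_nginx_after_renewal() {
    lineage="${RENEWED_LINEAGE:-}"
    if [ -z "$lineage" ]; then
        echo "RENEWED_LINEAGE not set; not running as a deploy hook" >&2
        return 2
    fi
    # Refuse to reload if the renewed material is missing or empty.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "missing or empty: $lineage/$f" >&2
            return 3
        fi
    done
    # Same syntax test the packaged nginx.service runs in ExecStartPre.
    if ! "$NGINX" -t -q; then
        echo "nginx config test failed; running instance left untouched" >&2
        return 4
    fi
    # Reload, not restart: nginx re-reads its config and certificates.
    "$SYSTEMCTL" reload nginx
}

# Run automatically only when certbot has provided a lineage.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx_after_renewal
fi
```

A non-zero exit from the hook is reported by certbot, which makes a failed reload visible in the certbot.service journal.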

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.