From 0f17f6491edc7af0c238f0722347b290228cfe36 Mon Sep 17 00:00:00 2001
From: Thomas Kleinendorst <thomas@kleinendorst.info>
Date: Sat, 20 Jul 2024 15:49:10 +0200
Subject: [PATCH] Add hook which reloads nginx config on cert change

---
 roles/nginx/templates/register_certbot_domain.sh.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/nginx/templates/register_certbot_domain.sh.j2 b/roles/nginx/templates/register_certbot_domain.sh.j2
index 25bbdaf..1ed9957 100644
--- a/roles/nginx/templates/register_certbot_domain.sh.j2
+++ b/roles/nginx/templates/register_certbot_domain.sh.j2
@@ -1,7 +1,9 @@
 #!/bin/bash
+# For the --post-hook argument see: https://stackoverflow.com/questions/70002636/https-certbot-certificate-is-renewed-but-connection-not-secure-till-you-restart
 /snap/bin/certbot certonly \
         --dns-cloudflare \
         --dns-cloudflare-propagation-seconds 120 \
         --dns-cloudflare-credentials '{{ cloudflare_credential_dir_path }}/{{ cloudflare_credential_filename }}' \
+        --post-hook "nginx -s reload" \
         --agree-tos -m {{ administration_email }} \
         -d $1