Certbot: deploy certificate to Prosody upon renewal

Certbot, developed by EFF, is a popular and easy-to-use ACME client to request and deploy SSL/TLS certificates from Let’s Encrypt.

On Ubuntu 16.04 and later systems, a systemd timer, instead of a cron job, is used to schedule automatic renewal of certificates through the certbot.service unit file.

Starting from version 0.10, Prosody has the ability to import certificates from the local letsencrypt certificate store. To deploy the certificate to Prosody automatically upon renewal, edit /lib/systemd/system/certbot.service to add a --deploy-hook to the renewal command:

ExecStart=/usr/bin/certbot -q renew --deploy-hook "prosodyctl --root cert import /etc/letsencrypt/live"

and then reload the systemd daemon:

# systemctl daemon-reload
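
To confirm that the deploy hook really ran after a renewal, the following check compares Prosody's copies with certbot's. It is an added example, not part of the original post or of either project. It assumes that the import writes `<host>.crt` and `<host>.key` into `/etc/prosody/certs` as plain copies of `fullchain.pem` and `privkey.pem`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report Prosody certificates that lag behind certbot's copy.
# Assumed layout (not stated on the page): the import writes
# <cert_dir>/<host>.crt and <host>.key as copies of fullchain.pem / privkey.pem.

check_prosody_certs() {
    live_dir=${1:-/etc/letsencrypt/live}
    cert_dir=${2:-/etc/prosody/certs}
    stale=0

    for crt in "$cert_dir"/*.crt; do
        [ -e "$crt" ] || continue              # glob matched nothing
        host=$(basename "$crt" .crt)
        src="$live_dir/$host"
        # Only hosts that certbot manages are compared.
        [ -f "$src/fullchain.pem" ] || continue

        if ! cmp -s "$src/fullchain.pem" "$crt"; then
            echo "STALE cert: $host"
            stale=$((stale + 1))
        elif ! cmp -s "$src/privkey.pem" "$cert_dir/$host.key"; then
            # A missing or unreadable key file also lands here.
            echo "STALE key:  $host"
            stale=$((stale + 1))
        else
            echo "OK:         $host"
        fi
    done

    # Non-zero exit when anything is out of date, so a monitor or timer can alert.
    [ "$stale" -eq 0 ]
}
```

Run it as root (the private keys are not readable otherwise), for example by sourcing the file and calling `check_prosody_certs` with no arguments to use the default paths.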
