diff --git a/doc/guix.texi b/doc/guix.texi index 732abceb0f..c71d7e94cf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32562,21 +32562,13 @@ A service type for the @code{certbot} Let's Encrypt client. Its value must be a @code{certbot-configuration} record as in this example: @lisp -(define %certbot-deploy-hook - (program-file "certbot-deploy-hook.scm" - (with-imported-modules '((gnu services herd)) - #~(begin - (use-modules (gnu services herd)) - (with-shepherd-action 'nginx ('reload) result result))))) - (service certbot-service-type (certbot-configuration (email "foo@@example.net") (certificates (list (certificate-configuration - (domains '("example.net" "www.example.net")) - (deploy-hook %certbot-deploy-hook)) + (domains '("example.net" "www.example.net"))) (certificate-configuration (domains '("bar.example.net"))))))) @end lisp diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 10b99f5630..cb1be0c0e9 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the first successful deploy." (program-file (string-append name "-deploy-hook") - (with-imported-modules '((guix build utils)) + (with-imported-modules '((gnu services herd) + (guix build utils)) #~(begin - (use-modules (guix build utils)) + (use-modules (gnu services herd) + (guix build utils)) (mkdir-p #$(string-append "/etc/certs/" name)) (chmod #$(string-append "/etc/certs/" name) #o755) @@ -120,6 +122,10 @@ deploy." #$(string-append "/etc/certs/" name "/privkey.pem")) (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new") #$(string-append "/etc/certs/" name "/fullchain.pem")) + + ;; With the new certificates in place, tell nginx to reload them. + (with-shepherd-action 'nginx ('reload) result result) + #$@(if deploy-hook-script (list #~(invoke #$deploy-hook-script)) '())))))
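Review bot: The unconditional `(with-shepherd-action 'nginx ('reload) result result)` added just before the `#$@(if deploy-hook-script …)` splice in gnu/services/certbot.scm assumes every host using certbot-service-type also runs an nginx Shepherd service. As far as I recall, `(gnu services herd)` raises a Shepherd error when the named service is unknown. If so, on a host without nginx the hook aborts after the certificates have been renamed into place and the user's `deploy-hook-script` never runs, leaving other TLS services on the old certificate until it expires. The `result` body is also evaluated and discarded, so a reload that reports failure goes unnoticed. Consider tolerating a missing service and logging the outcome, for example `(unless (false-if-exception (with-shepherd-action 'nginx ('reload) result result)) (format (current-error-port) "nginx reload failed or nginx is not running~%"))`; the enclosing procedure starts outside this hunk.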