icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0

MDMessageCmd and MDNotifyCmd Alternative #296

Closed jmwebservices closed 2 years ago

jmwebservices commented 2 years ago

I am trying to set up an automatic server restart when a certificate is renewed or installed for the first time. The strategy I would like to employ is to use mod_md's notification directives to place a file on the file system so that a cron job running as root would recognize the file, trigger a server restart and then remove the file. Unfortunately, I cannot use MDMessageCmd or MDNotifyCmd because I am not allowed to place an additional script on the file system and grant it apache child permissions. Since MDNotifyCmd tokenizes the supplied value, I cannot do the following, which would be a solution:

MDNotifyCmd touch /tmp/apache_restart && /bin/true

A possible workaround, for which I would like confirmation, is to monitor the staging directory for the presence of either privkey.pem or pubcert.pem files. Would it be correct to assume that if either file exists in the staging directory, then a certificate is ready to be installed upon a server restart?

Thanks!

jmwebservices commented 2 years ago

I think I found the answer to my question in Testing.md.

The files privkey.pem and pubcert.pem are created when the ACME server was happy and issued a certificate. If that was indeed the case, you can activate it by reloading the server.

If I understand correctly, the presence of privkey.pem and pubcert.pem indicates a successful certificate issuance (initial or renewal). I can then set a cron job for root like the following:

ls /etc/apache2/md/staging/*/pubcert.pem > /dev/null 2>&1 && systemctl reload apache2

icing commented 2 years ago

That would be one way to go about this, yes.
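The staging check sketched in this thread, written out as an added example (not mod_md's own code and not posted by either participant): it reloads only when a staging directory holds both a non-empty privkey.pem and pubcert.pem, so a partially written stage does not trigger anything. The staging path, the script location and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not part of mod_md. MD_STAGING is an assumption; point it at
# the "staging" directory under your MDStoreDir.
MD_STAGING="${MD_STAGING:-/etc/apache2/md/staging}"

# Print the name of every MD under $1 whose staging directory holds both a
# non-empty privkey.pem and pubcert.pem, i.e. an issuance that is complete and
# only waits for a reload. A directory with just one of the files is skipped.
staged_mds() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for md in "$dir"/*/; do
        [ -d "$md" ] || continue
        if [ -s "$md/privkey.pem" ] && [ -s "$md/pubcert.pem" ]; then
            basename "$md"
        fi
    done
}

# Reload httpd only when at least one MD is fully staged; returns 1 otherwise
# so a caller (or cron) can tell that nothing happened.
reload_if_staged() {
    found="$(staged_mds "$1")"
    [ -n "$found" ] || return 1
    logger -t md-reload "staged certificates ready: $(printf '%s' "$found" | tr '\n' ' ')"
    systemctl reload apache2
}

# Root cron entry (assumed path):  */10 * * * * /usr/local/sbin/md-reload.sh run
# The reload runs only when invoked with "run", so sourcing the file is harmless.
case "${1:-}" in
    run) reload_if_staged "$MD_STAGING" ;;
esac
```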