I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate.
I know the cert has been updated because the mail clients asks me if I trust the certificate.
If it makes a difference I use the bash LetsEncrypt not the Python code.
I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS. On CentOS 8 you need to enable the EPEL *and* PowerTools repositories (/etc/yum/repos.d/...)
I've attached a small perl script that I call via cron 30 minutes after certbot starts which reloads services if necessary.
Best regards Gerald
#!/usr/bin/perl
my $reload;
open(FF, "find /etc/letsencrypt/live -mtime -1 -name cert.pem |"); while(<FF>){ chomp; next if !$_; $reload++; } close(FF);
if($reload){ system("/usr/bin/systemctl reload httpd"); system("/usr/bin/systemctl reload postfix"); system("/usr/bin/systemctl reload dovecot");
}