From f6520a97cde1907fd610b01b22bc931cfd9d6b4a Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Fri, 10 Dec 2021 14:34:41 -0800
Subject: [PATCH] setup-certbot: Reinstate nginx reload after installation.

If nginx was already installed, and we're using the webroot method of
initializing certbot, nginx needs to be reloaded.  Hooks in
`/etc/letsencrypt/renewal-hooks/deploy/` do not run during initial
`certbot certonly`, so an explicit reload is required.
---
 scripts/setup/setup-certbot | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scripts/setup/setup-certbot b/scripts/setup/setup-certbot
index 5bd524ef7e..610365ce7d 100755
--- a/scripts/setup/setup-certbot
+++ b/scripts/setup/setup-certbot
@@ -125,4 +125,12 @@ if [ -z "$skip_symlink" ]; then
     symlink_with_backup "$CERT_DIR"/fullchain.pem /etc/ssl/certs/zulip.combined-chain.crt
 fi
 
+# "certbot certonly" does not run deploy hooks, so reload nginx if
+# need be to pick up the new certificate.
+case "$method" in
+    webroot)
+        service nginx reload
+        ;;
+esac
+
 echo "Certbot SSL certificate configuration succeeded."