From f0a0060c62a422be057a5fc3eb4008de25d3d251 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Wed, 20 Apr 2022 19:32:14 +0300
Subject: [PATCH] postgres: fix letsencrypt renewal hook

It was using a nonexistent target path when copying the renewed cert and
was not reloading postgresql.service in order for it to reload the certs.
---
 roles/postgres/templates/letsencrypt.hook.d.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/postgres/templates/letsencrypt.hook.d.j2 b/roles/postgres/templates/letsencrypt.hook.d.j2
index 5bd05178d..afae9e3c3 100644
--- a/roles/postgres/templates/letsencrypt.hook.d.j2
+++ b/roles/postgres/templates/letsencrypt.hook.d.j2
@@ -7,9 +7,13 @@ postgres_domain="{{ inventory_hostname }}"
 for domain in $RENEWED_DOMAINS; do
     case "$domain" in
         $postgres_domain)
-            for pem in /etc/letsencrypt/live/$postgres_domain/{privkey,fullchain,chain}.pem; do
-                install -o postgres -g postgres -m 400 $pem /var/lib/postgres/data/$pem
+            for pem in {privkey,fullchain,chain}.pem; do
+                install -o postgres -g postgres -m 400 \
+                    /etc/letsencrypt/live/$postgres_domain/$pem \
+                    /var/lib/postgres/data/$pem
             done
+            systemctl reload postgresql
+            break
             ;;
     esac
 done
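Review bot: The `install` calls in the new loop are not checked, so if one copy fails the hook still reaches `systemctl reload postgresql` with a private key and chain in `/var/lib/postgres/data` that may no longer match. Unless the script enables `set -e` above the hunk (not visible here), append `|| exit 1` to the `install` command so a partial copy stops before the reload and the hook exits non-zero. The expansions are also unquoted; writing `"/etc/letsencrypt/live/$postgres_domain/$pem"` and `"/var/lib/postgres/data/$pem"`, and quoting the case pattern as `"$postgres_domain")`, keeps the templated hostname from being word-split or matched as a glob. The start of the script, including the shebang and any shell options, lies outside the hunk.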
-- 
GitLab