Feature: Allow executing command post TLS cert renewal

[artemislena]

It would be nice if there was a directive that allowed one to automatically execute a command (that is forked into the background) whenever a certificate is renewed. This would be useful for various purposes:

• One may distribute the cert to other machines if those run other things on the same domain
• One may check that the CT chain is valid so far and no other certs have been issued for the domain other than the ones one issued oneself (while I'm not aware of such a tool existing, I'm considering writing a program or script that does this)
• One may update TLSA records

So, what I'm picturing is something like this:

somedomain.com {
    # Some other config
    tls {
        post_renewal_exec /path/to/myscript.sh
    }
}

It may be that this requires changes to the CertMagic library. I'm not too familiar with the entire architecture myself, so I thought I'd ask here first.

[francislavoie]

Duplicate of #3643

It's most likely we'll implement a generalized event system that this will plug into, emitting events on issuance/renewal etc

[artemislena]

Oh. I just searched for tls in the issues, so didn't see that one. I'll close this, then.