diff --git a/roles/step_acme_cert/defaults/main.yml b/roles/step_acme_cert/defaults/main.yml
index c440f106..cd81489d 100644
--- a/roles/step_acme_cert/defaults/main.yml
+++ b/roles/step_acme_cert/defaults/main.yml
@@ -25,4 +25,6 @@ step_acme_cert_keyfile_defaults:
 step_acme_cert_renewal_service: step-renew
 #step_acme_cert_renewal_when: 8h
+step_acme_cert_post_renewal_shell: "/bin/sh"
+step_acme_cert_post_renewal_commands: []
 step_acme_cert_renewal_reload_services: []
diff --git a/roles/step_acme_cert/tasks/renewal.yml b/roles/step_acme_cert/tasks/renewal.yml
index a0cf31c4..fcaf8009 100644
--- a/roles/step_acme_cert/tasks/renewal.yml
+++ b/roles/step_acme_cert/tasks/renewal.yml
@@ -6,6 +6,14 @@
 changed_when: no
 check_mode: no
+- name: Post renewal hook script is present
+ template:
+ src: step-post-renew-hook.sh.j2
+ dest: "{{step_cli_steppath}}/{{ step_acme_cert_renewal_service }}_post.sh"
+ owner: root
+ group: root
+ mode: 0744
+
 - name: Renewal service is installed
 template:
 src: step-renew.service.j2
diff --git a/roles/step_acme_cert/templates/step-post-renew-hook.sh.j2 b/roles/step_acme_cert/templates/step-post-renew-hook.sh.j2
new file mode 100644
index 00000000..c371430e
--- /dev/null
+++ b/roles/step_acme_cert/templates/step-post-renew-hook.sh.j2
@@ -0,0 +1,12 @@
+#!{{ step_acme_cert_post_renewal_shell }}
+####### added by ansible: maxhoesel.smallstep.step_acme_cert - changes will be overwritten #######
+set -eu
+export STEP_CLI="{{ step_cli_executable_absolute.stdout }}"
+export CERT_FILE="{{ step_acme_cert_certfile_full.path }}"
+export KEY_FILE="{{ step_acme_cert_keyfile_full.path }}"
+{% for command in step_acme_cert_post_renewal_commands -%}
+{{ command }}
+{% endfor -%}
+{% if step_acme_cert_renewal_reload_services -%}
+systemctl try-reload-or-restart {{ step_acme_cert_renewal_reload_services | join(' ') }}
+{% endif -%}
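Review bot: The two new defaults carry no comment, and `step_acme_cert_post_renewal_commands` needs one because its entries are written verbatim into a shell script that the renewal service runs through `--exec` after each successful renewal. I would add above it `# Shell lines copied verbatim into the post-renewal hook, run by step_acme_cert_post_renewal_shell under "set -eu" with STEP_CLI, CERT_FILE and KEY_FILE exported; a failing line aborts the remaining lines and the service reload.` and above the other default `# Interpreter used for the post-renewal hook script`. Which user executes those lines depends on the unit's User= setting, which this diff does not show; since the hook file is installed root-owned, stating the executing identity next to the variable would help whoever populates the list.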
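Review bot: `mode: 0744` in the new template task is an unquoted octal literal; it only yields the intended permissions because PyYAML reads the leading zero as octal, and ansible-lint flags the form as risky, so it should be `mode: "0744"` like the quoted `dest` next to it. The unit invokes the hook as `{{ step_acme_cert_post_renewal_shell }} <path>` rather than executing it directly, so the execute bit is not needed, and a tighter `"0600"` would keep the rendered commands and paths from being readable by other local users if the service runs as root (its User= is not in this diff). The `dest` also writes `{{step_cli_steppath}}` without the inner spaces that every other expression in these hunks uses; `dest: "{{ step_cli_steppath }}/{{ step_acme_cert_renewal_service }}_post.sh"` keeps it consistent with the ExecStart path.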
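Review bot: The `systemctl try-reload-or-restart` line in the new hook splices the service names into the script unquoted, so a name containing shell metacharacters would be interpreted by the hook's shell instead of being handed to systemctl; Ansible's `quote` filter makes it `systemctl try-reload-or-restart {{ step_acme_cert_renewal_reload_services | map('quote') | join(' ') }}`. The `{{ command }}` lines are, by contrast, meant to be raw shell and cannot be quoted, which the script should say so that a reader does not try to "fix" them: a comment such as `# lines below are taken verbatim from step_acme_cert_post_renewal_commands` before the for loop would do. Note also that because of `set -e` a failing command line prevents the reload at the end from running, which is presumably intended but is worth one comment line next to `set -eu`.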
diff --git a/roles/step_acme_cert/templates/step-renew.service.j2 b/roles/step_acme_cert/templates/step-renew.service.j2
index f8030ee9..8c9082f9 100644
--- a/roles/step_acme_cert/templates/step-renew.service.j2
+++ b/roles/step_acme_cert/templates/step-renew.service.j2
@@ -9,7 +9,7 @@ Type=simple
 Restart=always
 RestartSec=1
 Environment=STEPPATH={{ step_cli_steppath }}
-ExecStart={{ step_cli_executable_absolute.stdout }} ca renew {{ step_acme_cert_certfile_full.path }} {{ step_acme_cert_keyfile_full.path }} --daemon --force{% if step_acme_cert_renewal_when is defined %} --expires-in {{ step_acme_cert_renewal_when }}{% endif %}{% if step_acme_cert_renewal_reload_services %} --exec "systemctl try-reload-or-restart {{ step_acme_cert_renewal_reload_services | join(' ') }}"{% endif %}
+ExecStart={{ step_cli_executable_absolute.stdout }} ca renew {{ step_acme_cert_certfile_full.path }} {{ step_acme_cert_keyfile_full.path }} --daemon --force{% if step_acme_cert_renewal_when is defined %} --expires-in {{ step_acme_cert_renewal_when }}{% endif %}{% if step_acme_cert_post_renewal_commands or step_acme_cert_renewal_reload_services %} --exec "{{ step_acme_cert_post_renewal_shell }} {{ step_cli_steppath }}/{{ step_acme_cert_renewal_service }}_post.sh"{% endif %}
 [Install]
 WantedBy=multi-user.target
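Review bot: The new ExecStart executes a file under `{{ step_cli_steppath }}` with the configured shell, so the hook is only as trustworthy as that directory's permissions, and neither this hunk nor the task installing the hook checks or states that the directory is root-owned and not group/world writable (the hook file itself is root:root, but that does not protect a file from being replaced in a writable directory). I would add a check on the directory in the role, or at least a template comment above the line, `{# the post-renewal hook is executed from STEPPATH; that directory must remain root-owned and not writable by other users #}`, so the assumption is visible to anyone relocating STEPPATH. The line has also grown two inline conditionals that are hard to verify by eye; computing the `--exec` argument in a `{% set %}` block above ExecStart would make the unit easier to review. The `[Service]` header and any User= line are outside this hunk.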