diff --git a/type/__uacme_obtain/man.rst b/type/__uacme_obtain/man.rst
index f1db899..5b4a836 100644
--- a/type/__uacme_obtain/man.rst
+++ b/type/__uacme_obtain/man.rst
@@ -39,6 +39,7 @@ install-key-to
 
 renew-hook
   Renew hook executed on certificate renewal (e.g. `service nginx reload`).
+  If this is '-', then the type's standard input will be used instead.
 
 force-cert-ownership-to
   Override default ownership for TLS certificate, passed as argument to chown.
diff --git a/type/__uacme_obtain/manifest b/type/__uacme_obtain/manifest
index b41ddde..46cdcdb 100644
--- a/type/__uacme_obtain/manifest
+++ b/type/__uacme_obtain/manifest
@@ -109,7 +109,11 @@ export CERT_TARGET
 RENEW_HOOK=
 if [ -f "${__object:?}/parameter/renew-hook" ];
 then
-	RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")"
+	if [ "$(cat "${__object:?}/parameter/renew-hook")" = "-" ]; then
+		RENEW_HOOK="$(cat "${__object:?}/stdin")"
+	else
+		RENEW_HOOK="$(cat "${__object:?}/parameter/renew-hook")"
+	fi
 fi
 export RENEW_HOOK