Argument --renew-hook: conflicts with --deploy-hook value


#1

Hi Guys,

So I have this renewal command:

certbot-auto renew --debug --no-bootstrap --staging --force-renewal --deploy-hook "/etc/init.d/httpd graceful" --renew-hook "touch /etc/letsencrypt/renewed"

The thing is I need to touch a file when a renewal happened, but not when it was provisioned for the first time.
But I’m getting this error: Argument --renew-hook: conflicts with --deploy-hook value

Any ideas?

I know I can do conditions inside my bash script, so just asking.


#2

Ok, I guess my question is not really relevant, I just don’t need the --deploy-hook argument there.
The --renew-hook will only run if the renewal was successful, right? So if certbot doesn’t renew the certificate because the certificate is not yet eligible for renewal, the hook will not run. Is that correct?


#3

Hi @tkd4444,

Yes, that is right, and that is right for --deploy-hook too.

Yes, that is correct, and the same for --deploy-hook.

Keep in mind, --renew-hook is a hidden option since certbot version 0.19 because they deployed a new param called --deploy-hook and this is the one you should use. Both params are doing the “same”, but the main difference is that --renew-hook is only called on renewals and --deploy-hook is called not only on renewals but on newly issued certs too.

An example: you want to get a certificate for your new domain superdomain.tld and execute the command /etc/init.d/httpd graceful automatically.

If you execute this command:

certbot-auto certonly -a webroot -w /path/to/webroot -d superdomain.tld --staging --renew-hook "/etc/init.d/httpd graceful"

You will get your certificate, but the /etc/init.d/httpd graceful command won’t be executed when issuing the cert; it will be executed in the next renewal.

If you use this command:

certbot-auto certonly -a webroot -w /path/to/webroot -d superdomain.tld --staging --deploy-hook "/etc/init.d/httpd graceful"

You will get your certificate AND the /etc/init.d/httpd graceful command will be executed when issuing the cert, and in the next renewal it will be executed too.

Edit: I forgot to say that you can use several commands on --deploy-hook if you want:

--deploy-hook "/etc/init.d/httpd graceful ; touch /etc/letsencrypt/renewed"

Cheers,
sahsanu
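
Added example, not part of the posts above and not certbot's own code: a single --deploy-hook script that reloads the web server on every issuance but touches the marker file only on a renewal, which is what the first post asks for. It assumes certbot's lineage layout, where live/<name>/cert.pem is a symlink to archive/<name>/certN.pem; the function names and the MARKER and RELOAD_CMD overrides are hypothetical.

```shell
#!/bin/sh
# Added example, not certbot's own code. Install as the --deploy-hook script.
# certbot runs hooks as root: keep this file root-owned and not writable by others.
# Assumption: $RENEWED_LINEAGE/cert.pem is a symlink to
# ../../archive/<name>/certN.pem, N = 1 on first issuance, N+1 per renewal.

# Print N for the given lineage directory; fail if it cannot be determined.
lineage_version() {
    target=$(readlink "$1/cert.pem") || return 1
    n=${target##*/cert}   # drop everything through the last "/cert"
    n=${n%.pem}           # drop the extension, leaving N
    case $n in
        ''|*[!0-9]*) return 1 ;;   # not a plain number: refuse to guess
    esac
    printf '%s\n' "$n"
}

# Succeed only if the lineage has been renewed at least once.
is_renewal() {
    v=$(lineage_version "$1") || return 1
    [ "$v" -gt 1 ]
}

# Hook body. MARKER and RELOAD_CMD are hypothetical overrides for testing;
# the defaults are the command and file from the thread.
run_hook() {
    ${RELOAD_CMD:-/etc/init.d/httpd graceful} || return 1
    if is_renewal "$RENEWED_LINEAGE"; then
        touch "${MARKER:-/etc/letsencrypt/renewed}"
    fi
}

# certbot exports RENEWED_LINEAGE to deploy hooks; do nothing without it.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    run_hook
fi
```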

