Using certbot-auto, my certificates are renewed correctly, but the post hook is not being triggered. However, when running renew in --dry-run mode, the post-hook is executed, as can be seen in the logs.
Works, but no hook information in the logs:
certbot-auto renew --noninteractive --no-self-upgrade --post-hook "service nginx reload"
Production log last entries:
2020-10-16 19:08:02,577:DEBUG:acme.client:Storing nonce: 0003HtifmEfWMkdVK9YDH4EAl2vSwJyFJIhX1VSxvLVcHAY
2020-10-16 19:08:02,578:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/example.com/privkey2.pem.
2020-10-16 19:08:02,578:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/example.com/cert2.pem.
2020-10-16 19:08:02,578:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/example.com/chain2.pem.
2020-10-16 19:08:02,578:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/example.com/fullchain2.pem.
2020-10-16 19:08:02,658:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2020-10-16 19:08:02,658:DEBUG:certbot._internal.cli:Var installer=nginx (set by user).
2020-10-16 19:08:02,658:DEBUG:certbot._internal.cli:Var authenticator=nginx (set by user).
2020-10-16 19:08:02,659:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/example.com.conf.new.
2020-10-16 19:08:02,662:DEBUG:certbot._internal.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2021-01-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of $
2020-10-16 19:08:02,662:DEBUG:certbot._internal.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
However, in dry run mode, the "Running post-hook command" line is included in the log:
2020-10-16 21:05:45,389:DEBUG:acme.client:Storing nonce: 0003XdjTtTkGC6v8TTNCw2FCVehwQm3STQo7XYTYWmpJuPc
2020-10-16 21:05:45,390:DEBUG:certbot._internal.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/example.com
2020-10-16 21:05:45,390:DEBUG:certbot._internal.updater:Skipping renewal deployer in dry-run mode.
2020-10-16 21:05:46,408:DEBUG:certbot._internal.updater:Skipping updaters in dry-run mode.
2020-10-16 21:05:46,409:DEBUG:certbot._internal.renewal:no renewal failures
2020-10-16 21:05:46,409:INFO:certbot.compat.misc:Running post-hook command: service nginx reload
As a consequence of this inconsistent behavior, nginx is not being reloaded after a new certificate is issued, so a manual reload is needed.
Anything wrong in my commands?
Any idea why the post hook command is being executed only in dry run mode?
Any help would be appreciated.
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
I can login to a root shell on my machine (yes or no, or I don't know):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
$ certbot-auto --version