A post_hook
will run each and every time cerfbot
is executed.
What you want is for it to run only when the cert(s) are actually renewed.
ah, thank you rg305, wasn't aware of the differences, now understood, I have changed the renew config to use deploy_hook instead of post_hook.
thanks,
Did you test the deploy_hook
value? Because:
Maybe Certbot tolerates both. I only looked at what Certbot set in renewal conf when given that command option.
Generally it is better to let certbot update its own config files. Doing so manually can result in subtle problems.
I repeated the dry run, and it didn't fail, though I wont know for sure until December whether the scheduled automated renewal runs without failure, but vsftpd wasn't restarted this time, so looking good.
cert not due renewal yet, will update this ticket following next scheduled renewal
It seems to have renewed itself on Nov 18:
Please show:
certbot certificates
Hi rg305,
yes you are quite correct, I checked the wrong site.
I can confirm all certs were automatically renewed and the vsftp service restarted as part of the automation.
this ticket can now be archived.
thanks everybody for your assistance in resolving my woes.