`certbot renew` overwriting renewal file

pitrou · April 11, 2020, 10:13am

Hello,

I’m trying to setup a custom deploy hook in one of my renewal configuration files, like this:

deploy_hook = /some/script.sh

However, as soon as I run certbot renew --cert-name <cert_name> --force-renewal to test it, the configuration file seems to be overwritten and the configuration line is lost. The certificate is renewed, but the deploy hook isn’t run.

How do I specify a per-certificate deploy hook in my configuration?

This is with certbot 0.31.0 (from Debian package 0.31.0-1 on Debian 10.3).

9peppe · April 11, 2020, 10:50am

the syntax is a bit different:

renew_hook = systemctl reload lighttpd # or whatever command you want.

mnordhoff · April 11, 2020, 11:21am

It’s renew_hook with an underscore in /etc/letsencrypt/renewal/.

/etc/letsencrypt/cli.ini would use hyphens (and likely deploy-hook).

pitrou · April 11, 2020, 11:37am

Hmm... I see. It would be nice if certbot warned about the unrecognized config entry, instead of silently removing it, though :-/

Edit: I can't check this works fully for now, since I've hit rate limits on this certificate.

9peppe · April 12, 2020, 8:33am

this is… not well documented.

pitrou · April 19, 2020, 9:28am

Ok, it seems to work finally!

system · May 19, 2020, 9:43am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate config contains old renewal hook values Help	9	525	July 26, 2023
Post-renewal script is run, even though the cert couldn't be renewed Help	5	460	June 7, 2023
Changing remembered hooks for renewals Server	1	2114	December 13, 2017
Certbot renew for cockpit web interface Help	20	2976	April 1, 2021
Certbot: changing deploy-hook Help	11	10408	December 18, 2020

`certbot renew` overwriting renewal file

Related topics