We have a docker registry running in a docker container.
On each renewal I have to copy the certificates from
/etc/letsencrypt/live/my-domain/fullchain.pem
to
/home/username/docker/certs/
and restart the docker container.
So far I used:
certbot renew --standalone
cp /etc/letsencrypt/live/my-domain/privkey.pem /home/user/docker/certs/privkey.pem
cp /etc/letsencrypt/live/my-domain/fullchain.pem /home/user/docker/certs/fullchain.pem
cd /home/user/docker; docker-compose restart
This was successful.
I want to automate this with the manual-auth-hook parameter.
/lib/systemd/system/certbot.service
[Unit]
Description=Certbot
…
[Service]
Environment="HTTPS_PROXY=http://my-proxy:xxxx"
Type=oneshot
ExecStart=/usr/bin/certbot -q renew --manual-auth-hook /home/user/copy-certificates-restart-docker.sh
PrivateTmp=true
/lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
[Install]
WantedBy=timers.target
/home/user/copy-certificates-restart-docker.sh
#!/bin/bash
cp /etc/letsencrypt/live/my-domain/privkey.pem /home/user/docker/certs/privkey.pem
cp /etc/letsencrypt/live/my-domain/fullchain.pem /home/user/docker/certs/fullchain.pem
cd /home/user/docker
docker-compose restart
This does not work because certificates are up to date and a --force-renewal
does not work (proxy-issues)
I guess this would be the much more elegant way.
I tried to change the cert-path to the right place with:
certbot --force-renewal --cert-path /home/user/docker/certs/ --standalone renew
This fails with:
…
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dockerregistry.my-domain/fullchain.pem (failure)
So it did -not- recognize the --cert-path parameter.
Did anyone change the default cert-path to a docker directory with success?
The operating system my web server runs on is (include version):
Ubuntu 9
The version of my client: 0.31.0
Any help is appreciated,
Bodo
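
The copy-and-restart step from the post, written as a certbot deploy hook (`certbot renew --deploy-hook <script>`), which certbot runs only after a certificate has actually been renewed and with `RENEWED_LINEAGE` set to that certificate's live directory. This is an added example, not part of the original post; `DEST` and `COMPOSE_DIR` default to the paths given in the post, and the function names are made up here.

```shell
#!/bin/sh
# Added example: deploy hook for "certbot renew --deploy-hook /path/to/this-script".
# DEST and COMPOSE_DIR are assumptions based on the paths in the post.
DEST="${DEST:-/home/user/docker/certs}"
COMPOSE_DIR="${COMPOSE_DIR:-/home/user/docker}"

# install_file SRC DST MODE: write to a temp file in the target directory,
# set the mode, then rename. The registry never sees a half-written file and
# the private key never exists with looser permissions than MODE.
install_file() {
    src=$1; dst=$2; mode=$3
    # mktemp creates the file with mode 0600
    tmp=$(mktemp "$(dirname "$dst")/.certtmp.XXXXXX") || return 1
    # cat follows the live/ symlink into archive/
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy_certs LINEAGE DEST: refuse to deploy unless both files exist and are
# non-empty, so a broken renewal cannot replace a working key/cert pair.
deploy_certs() {
    lineage=$1; dest=$2
    for f in privkey.pem fullchain.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done
    install_file "$lineage/privkey.pem" "$dest/privkey.pem" 600 &&
    install_file "$lineage/fullchain.pem" "$dest/fullchain.pem" 644
}

# Act only when certbot invoked this script as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" "$DEST" || exit 1
    cd "$COMPOSE_DIR" && docker-compose restart
fi
```

A plain `cp` into a home directory creates `privkey.pem` with the default umask, which is usually world-readable; the hook above keeps the key at mode 600, owned by the account certbot runs as.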