Note: I have a Name-based virtual hosting setup with 500 domains
I do not want to try and invoke my certbot scripts when the certbot renewal script is running.
I think this will work, but, I am not a sysadmin.
If not running break and continue with rest of script
if running, sleep for 30 minutes and check again
Do not run script if counter = 5 - ( I have long running renewal, sometimes > 80 domains renewing)
If you have suggestions, please reply
Script fragment
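#!/bin/bash
# Wait for a running certbot to finish before continuing.
# Checks up to 5 times, sleeping 30 minutes between checks.
COUNTER=0
while :
do
    if pgrep -x certbot >/dev/null
    then
        echo "certbot is running"
    else
        echo "certbot is not running"
        break    # continue with the rest of the script
    fi
    echo "The counter is $COUNTER"
    COUNTER=$((COUNTER + 1))
    if [ "$COUNTER" -eq 5 ]
    then
        exit 1   # give up: certbot was still running on the fifth check
    fi
    sleep 30m
done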
I used to use something like your script until I learned how certbot webroot mode works (webroot is fantastic). You may want to check that out instead.
I believe Certbot already uses lock files to prevent multiple instances from running. See the "Lock Files" section of the documentation.
When processing a validation Certbot writes a number of lock files on your system to prevent multiple instances from overwriting each other’s changes. This means that by default two instances of Certbot will not be able to run in parallel.
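Given the lock-file behaviour quoted above, a calling script can run its certbot step and retry on failure instead of polling with pgrep, which leaves a gap between the check and the run. This is an added example, not code from the thread or from the Certbot project; `retry_step`, its arguments and `demo_step` are hypothetical names, and it retries on any non-zero exit because the thread does not say which status or message a lock conflict produces.

```shell
#!/bin/bash
# Added example: run a step and retry while it fails, e.g. because another
# Certbot instance is running. All names and defaults are assumptions.

# retry_step MAX_TRIES DELAY CMD [ARGS...]
#   Runs CMD until it exits 0 or MAX_TRIES attempts have been made.
#   DELAY is handed to sleep between attempts (e.g. 30m with GNU sleep).
#   Returns 0 on success, CMD's last exit status on give-up, 2 on bad usage.
retry_step() {
    [ "$#" -ge 3 ] || return 2
    local max_tries="$1" delay="$2"
    shift 2
    case "$max_tries" in
        ''|*[!0-9]*|0) return 2 ;;   # must be a positive integer
    esac

    local attempt=1 status=0
    while :
    do
        if "$@"
        then
            return 0
        else
            status=$?
        fi
        echo "attempt $attempt/$max_tries failed (exit $status)" >&2
        [ "$attempt" -ge "$max_tries" ] && return "$status"
        attempt=$((attempt + 1))
        sleep "$delay"
    done
}

# Constructed stand-in for the certbot step: fails until its third call.
demo_calls=0
demo_step() {
    demo_calls=$((demo_calls + 1))
    [ "$demo_calls" -ge 3 ]
}

retry_step 5 0 demo_step && echo "step succeeded after $demo_calls calls"

# Real use would look like this (flags as in the thread, domain is a placeholder):
#   retry_step 5 30m certbot certonly -n --webroot -w /var/www/html \
#       --agree-tos -d example.com || exit 1
```

Because the step itself is what gets retried, dependent steps only run after it has actually succeeded, and the give-up status is the step's own exit code.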
Thanks for your reply. I believe I had a case where my jobs that invoke certbot conflicted with the certbot renew process. My job gave an error and skipped the step. All my other steps are dependent on that certbot step completing. So I submitted this code fragment as an example of waiting for another instance of certbot to complete, before trying to run. Does that make sense? I am not a Python guy, or I would try and look up what happens when and what message is given if you try and run 2 instances at the same time. I changed the wording of the initial post to say I did not want to try and invoke my scripts if another instance of certbot is running.
I ran into a glitch and had to use webroot.
I request certs like this
$cmd1 = 'certbot certonly -n --webroot -w /var/www/html --agree-tos -d ' . $ourhost . ' -d ' . $ourhostwww;
But, the real issue I have is I have 500 domains pointing to one ip. I generate a list of the current domains I control (done by others) and compare with the certs I have - from this
certbot certificates > Certs_txt
The above command takes 40 seconds to run. I have a couple of renew days where 85 or domains are renewing. Around 360+ days out of the year, I don’t have an issue. A couple of days the renews run for a long time, so I am trying to make sure I don’t try and run when the renew is running. Thanks for the reply.
This sounds like a scenario where you might have a better time integrating an ACME client intended to be used programmatically as a library instead of one that is meant for end users to use as a command line tool. You mention you aren't a Python coder. What are your existing systems written in?
I use PHP (LAMP) for most of my web work. I am happy that the letsencrypt engineers have done all the heavy lifting. I believe I have a fairly unusual case. For the next iteration, using an API would be an option. I created the little script to work around a potential problem, and shared it here, so that maybe it might help someone else, and someone who has forgotten more about this than I will ever know might have a suggestion. I want to thank all of the folks who have helped me. Today and in the past. P.S. I am a one man band. Wrote my first bash script in 5 minutes, took me a day to figure out that I had to put a . in front of get it to execute. Bash and I have never really gotten along.