Clarification About Certbot Hooks After Upgrading to Certbot 0.12.0

I used certbot to configure certificates on several Ubuntu 14.04 LTS servers. Everything was working fine until today when I did an apt-get update / apt-get upgrade to upgrade a few packages. During the update process I received the following message:

The default certbot cron hooks have been disabled!

│ The global cron hooks as provided by Ubuntu PPA packages would disrupt
│ any custom setup for renewals possibly causing the renewals of the
│ certificates to fail.

│ As of 0.12.0 version of the packages, the default cron hooks have been
│ removed. You have two options if you want to keep the existing
│ functionality:

│ * Change the default cron job or systemd timers, and add:
│ --pre-hook '/bin/run-parts /etc/letsencrypt/pre-hook.d/'
│ --post-hook '/bin/run-parts /etc/letsencrypt/post-hook.d/'
│ --renew-hook '/bin/run-parts /etc/letsencrypt/renew-hook.d/'
│ at the end of the `certbot -q renew' command.


│ * Add following lines to every /etc/letsencrypt/renewal/.conf
│ in the [renewalparams] section:
│ post_hook = /bin/run-parts /etc/letsencrypt/post-hook.d/
│ renew_hook = /bin/run-parts /etc/letsencrypt/renew-hook.d/
│ pre_hook = /bin/run-parts /etc/letsencrypt/pre-hook.d/
│ and use the same command line options when issuing a new
│ certificate.

I’m not sure about the best way to proceed, or what caused this issue. Any help would be appreciated.

2 Likes

Hi @carmex,

Did you intentionally create any scripts in pre-hook.d, post-hook.d, or renew-hook.d? If not, this message is not directed to you and you can safely ignore it. It’s not about anything you did but an announcement about a change to Certbot functionality.

2 Likes
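A way to run the check asked about in the reply above (are there any scripts in the hook directories?), as an added example that is not part of the original thread or of the Certbot packages. The function name `audit_certbot_hooks` is hypothetical, and it inspects only the renewal configs (the notice's second option), so hooks passed on the cron command line (the first option) are not detected.

```shell
#!/bin/sh
# Added example: report whether the 0.12.0 hook notice affects this host.
# audit_certbot_hooks [DIR]   (DIR defaults to /etc/letsencrypt)
# Returns 0 when nothing needs changing, 1 when a renewal config lacks a
# hook line for a hook directory that actually contains scripts.
audit_certbot_hooks() {
    le_dir=${1:-/etc/letsencrypt}
    missing=0
    active=""
    # The three directories named in the notice, paired with their config keys.
    for pair in pre_hook:pre-hook.d post_hook:post-hook.d renew_hook:renew-hook.d; do
        key=${pair%%:*}
        dir=${pair#*:}
        # run-parts only runs executable files, so only those are counted.
        count=$(find "$le_dir/$dir" -maxdepth 1 -type f -perm -u+x 2>/dev/null | wc -l)
        if [ "$count" -gt 0 ]; then
            active="$active $key:$dir"
            echo "$dir: $count executable script(s)"
        fi
    done
    if [ -z "$active" ]; then
        echo "No hook scripts found: the notice does not apply."
        return 0
    fi
    # Simplification: the key is matched anywhere in the file, not only
    # inside the [renewalparams] section.
    for conf in "$le_dir"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        for pair in $active; do
            key=${pair%%:*}
            dir=${pair#*:}
            if ! grep -Eq "^[[:space:]]*$key[[:space:]]*=.*run-parts.*/$dir" "$conf"; then
                echo "$conf: no $key line running $dir"
                missing=1
            fi
        done
    done
    return "$missing"
}

# Run directly with a directory argument, e.g.: sh audit.sh /etc/letsencrypt
if [ "$#" -gt 0 ]; then
    audit_certbot_hooks "$1"
fi
```

A non-zero result only means the renewal configs do not reference a populated hook directory; if the hooks were added to the cron job or systemd timer instead, the scripts will still run.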

No, I didn’t create any scripts there. The message just made it seem to me that the normal renewal process was now broken. Thanks for the clarification!

1 Like

To be honest, this was a very unfortunate upgrade notice.

You are trying to reach a wide audience. You tell that audience that installing your upgrade will break LetsEncrypt, apparently make it stop doing the most important thing, auto-renewing on your short cycle.

This is not the truth, but how many will understand that (no-one…), and how many will hunt down the truth, apparently only mentioned here? Besides that the manual pop-up will likely not appear for many people, and so your upgrade itself is likely to not be taken?

Somebody besides the coders needs to take charge of what you present for product framing, and for communication, would feel. This comment would apply from the beginning of your public presence. All the gobbledygook about various versions and methods for getting and maintaining the certificates has again been not the way to proceed. From my own feeling, anyway, I think you are pushing people away.

1 Like

hi @narration-sd

I agree with you in some regards. The release notes are very broad and point to GitHub, which involves going through issues.

On the other hand, upgrades and dealing with them gracefully is something users should do (in my opinion) their own testing before upgrading.

Andrei

So just to be extra clear about this upgrade message: I did not set up any hooks but I did set up my crontab to include

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log

Will this still work after the upgrade?

(Yes, I do have both letsencrypt and certbot installed because I was not aware that they are the same)

@tophee, it should still work if it was working before; the only change was in how hooks are handled.
