I used certbot to configure certificates on several Ubuntu 14.04 LTS servers. Everything was working fine until today when I did an apt-get update / apt-get upgrade to upgrade a few packages. During the update process I received the following message:
The default certbot cron hooks have been disabled!
│
│ The global cron hooks as provided by Ubuntu PPA packages would disrupt
│ any custom setup for renewals possibly causing the renewals of the
│ certificates to fail.
│
│ As of 0.12.0 version of the packages, the default cron hooks have been
│ removed. You have two options if you want to keep the existing
│ functionality:
│
│ * Change the default cron job or systemd timers, and add:
│ --pre-hook '/bin/run-parts /etc/letsencrypt/pre-hook.d/'
│ --post-hook '/bin/run-parts /etc/letsencrypt/post-hook.d/'
│ --renew-hook '/bin/run-parts /etc/letsencrypt/renew-hook.d/'
│ at the end of the `certbot -q renew' command.
│
│
│ * Add following lines to every /etc/letsencrypt/renewal/.conf
│ in the [renewalparams] section:
│ post_hook = /bin/run-parts /etc/letsencrypt/post-hook.d/
│ renew_hook = /bin/run-parts /etc/letsencrypt/renew-hook.d/
│ pre_hook = /bin/run-parts /etc/letsencrypt/pre-hook.d/
│ and use the same command line options when issuing a new
│ certificate.
I’m not sure about the best way to proceed, or what caused this issue. Any help would be appreciated.
Did you intentionally create any scripts in pre-hook.d, post-hook.d, or renew-hook.d? If not, this message is not directed to you and you can safely ignore it. It’s not about anything you did but an announcement about a change to Certbot functionality.
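The check described in the reply above can be scripted. This is an added example, not part of the thread or of the Certbot packages: the function name `check_hooks` and its output format are assumptions, and it only inspects the `pre_hook` / `post_hook` / `renew_hook` keys in the renewal configs, not hooks passed on the cron or systemd command line.

```shell
#!/bin/sh
# Added example: report hook scripts that the 0.12.0 packages no longer
# run by default because no renewal config wires them up.

# check_hooks [LE_DIR]
#   LE_DIR defaults to /etc/letsencrypt; pass another path to audit a copy.
#   Prints one line per orphaned script:
#     "<hook>: <script> not referenced by <conf>"
#   Returns 0 when nothing is orphaned (the notice can be ignored), 1 otherwise.
check_hooks() {
    le_dir=${1:-/etc/letsencrypt}
    status=0
    for hook in pre post renew; do
        hook_dir="$le_dir/$hook-hook.d"
        [ -d "$hook_dir" ] || continue
        for script in "$hook_dir"/*; do
            # run-parts skips anything that is not an executable file,
            # so an empty directory or a stray README is not a concern
            [ -f "$script" ] && [ -x "$script" ] || continue
            for conf in "$le_dir"/renewal/*.conf; do
                [ -f "$conf" ] || continue
                # look for the key the package notice says to add, e.g.
                #   post_hook = /bin/run-parts /etc/letsencrypt/post-hook.d/
                if ! grep -Eq "^[[:space:]]*${hook}_hook[[:space:]]*=.*run-parts.*${hook}-hook\.d" "$conf"; then
                    echo "$hook: $script not referenced by $conf"
                    status=1
                fi
            done
        done
    done
    return $status
}
```

Calling `check_hooks` with no argument audits `/etc/letsencrypt`; no output and a zero return value mean there are no custom hook scripts left unwired.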
No, I didn’t create any scripts there. The message just made it seem to me that the normal renewal process was now broken. Thanks for the clarification!
To be honest, this was a very unfortunate upgrade notice.
You are trying to reach a wide audience. You tell that audience that installing your upgrade will break LetsEncrypt, apparently make it stop doing the most important thing, auto-renewing on your short cycle.
This is not the truth, but how many will understand that (no-one…), and how many will hunt down the truth, apparently only mentioned here? Besides that the manual pop-up will likely not appear for many people, and so your upgrade itself is likely to not be taken?
Somebody besides the coders needs to take charge of what you present for product framing, and for communication, would feel. This comment would apply from the beginning of your public presence. All the gobbledygook about various versions and methods for getting and maintaining the certificates has again been not the way to proceed. From my own feeling, anyway, I think you are pushing people away.