Definitive version of script to act as deploy-hook on macOS Server (High Sierra)

The script I wrote (based in part on what was published in these forums and elsewhere) to automate cleanly using certbot on macOS Server is now on GitLab. You can download it with:

Tested on High Sierra and I’ve had one report it also runs correctly on another version. There is an older version of this script in a thread here somwhere but it has a bug. It won’t work when certbot is run from cron because of a missing PATH entry)


Script to have automatic (clean) deployment of renewed letsencrypt certificates

This script should be installed as


on macOS Server. Permissions should be set to 755.

If you now run (as root)

certbot renew

(or on any install of a new cert), this script will automatically run if a new certificate has been installed. It will correctly install the new cert in Server Admin and the System Keychain. It will remove the previous cert if it is no longer in use by Server Admin.

If you have the following in your root crontab:

? ? * * * /usr/local/bin/certbot -n renew >>/var/log/certbot.log 2>&1

(replace question marks with minute-of-the-hour and hour you want certbot to attempt to renew), it will run once a day, and when a certificate has been renewed, it will installed.

See the script itself for more documentation.

BSD style license and no warranty whatsoever. See script.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.