I have a machine that I dedicated as what I call a "certbot server," and this certbot server has the sole task of generating Let's Encrypt certs and distributing them to the other web servers that need the certificates.
/snap/bin/certbot --manual certonly --preferred-challenges dns --csr /home/fathir/cethul-rpx/cethul-wildcard-01.csr --manual-auth-hook /home/fathir/auth-hook-wpmu-rpx.sh --manual-cleanup-hook /home/fathir/cleanup-hook-cethul-rpx-wildcard01.sh
auth-hook-wpmu-rpx.sh has the task of updating my DNS, and cleanup-hook-cethul-rpx-wildcard01.sh has the job of updating my web servers' certificates.
Both scripts work well when I run them in --dry-run mode; even though I must simulate the creation of 0001_chain.pem, the following script runs nicely.
And then, when I run without --dry-run, the process stops right after certbot writes the cert to disk. My following script in manual-cleanup-hook didn't get executed as expected.
Of course, if I run the script manually after certbot completes, like this:
/snap/bin/certbot --manual certonly --preferred-challenges dns --csr /home/fathir/cethul-rpx/cethul-wildcard-01.csr --manual-auth-hook /home/fathir/auth-hook-wpmu-rpx.sh ; bash /home/fathir/cleanup-hook-cethul-rpx-wildcard01.sh
This syntax fulfills my intention for how the "certbot server" works as a cert generator.
My question here is: why is --manual-cleanup-hook not working? What have I done wrong?
My web servers are Apache and nginx.
My web servers' OS is mostly Linux, varying between Ubuntu, Debian, and CentOS, with a variety of release versions.
I have root-level access on each server I manage. I distribute the certs via scp.
The certbot version I use is 1.19.0.
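An added example, not part of the original post: the `;` in the manual workaround above runs the distribution script even when certbot fails, so this sketch chains with `&&` and pushes certificates only if the freshly written chain carries the same public key as the CSR. It assumes certbot is run from the current directory, that 0001_chain.pem starts with the leaf certificate, and that openssl is installed; the `--issue` switch and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: gate certificate distribution on a verified issuance.
CSR=/home/fathir/cethul-rpx/cethul-wildcard-01.csr   # path from the post
CHAIN=./0001_chain.pem   # file name from the post; location is an assumption

# PEM public key of the first certificate in a file (assumed to be the leaf).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key embedded in a certificate signing request.
csr_pubkey() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 only if the chain file exists, is non-empty, carries the same
# public key as the CSR, and stays valid for at least one more day.
safe_to_distribute() {
    local chain=$1 csr=$2 cert_key csr_key
    [ -s "$chain" ] || return 1
    cert_key=$(cert_pubkey "$chain") || return 1
    csr_key=$(csr_pubkey "$csr") || return 1
    # Guard against two empty strings comparing equal.
    [ -n "$cert_key" ] || return 1
    [ "$cert_key" = "$csr_key" ] || return 1
    openssl x509 -in "$chain" -noout -checkend 86400 >/dev/null 2>&1
}

# Only issue and distribute when asked to (hypothetical --issue switch).
# '&&' stops the sequence at the first failing step, unlike ';'.
if [ "${1:-}" = "--issue" ]; then
    /snap/bin/certbot --manual certonly --preferred-challenges dns \
        --csr "$CSR" \
        --manual-auth-hook /home/fathir/auth-hook-wpmu-rpx.sh \
    && safe_to_distribute "$CHAIN" "$CSR" \
    && bash /home/fathir/cleanup-hook-cethul-rpx-wildcard01.sh
fi
```

A stale or foreign 0001_chain.pem left over from an earlier run fails the key comparison or the expiry check, so it is never copied to the web servers.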