Deploy-hook did not execute

Renewing certs works fine but the deploy hook doesn't want to execute. There's nothing in the logs. Should I place the script in /renewal-hooks/deploy/ and remove the hook from the cronjob?

crontab job:
certbot renew --deploy-hook /root/certs.sh

The deploy-hook only runs when a new cert is issued. Was one?

Do the permissions for the hook script allow it to run as the same user as certbot?

3 Likes

New certs were issued.
Honestly I don't know how to give a specific user permission to run. Script is owned by root. Now I gave permission to run by all others and moved it out of /root. Maybe this will help?

Depending how you installed Certbot, it's possible that there was a different cronjob that executed first, without the --deploy-hook flag.

For example, if you installed Certbot via snap or apt, there is a preinstalled cronjob that may run before yours.

For this reason, it is better to:

  • use the /etc/letsencrypt/renewal-hooks/ directory, or
  • set the --deploy-hook while issuing the certificate, or
  • set deploy-hook in /etc/letsencrypt/cli.ini, or
  • set renew_hook in the certificate-specific renewal parameters file in /etc/letsencrypt/renewal/*.conf

If there was a permissions issue, there would most likely be something in the Certbot log file about it.

3 Likes

I moved the script to /etc/letsencrypt/renewal-hooks/deploy. We'll see in a month or so if that works.

You'll probably want to move it to /etc/letsencrypt/renewal-hooks/deploy/.

2 Likes

Note that the script needs to be executable. See man chmod about how to change that.

2 Likes

Yes I did. I just missed it in my previous post.
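
The replies above point to /etc/letsencrypt/renewal-hooks/deploy/ and to the executable bit. The following is an added example, not posted by anyone in the thread and not Certbot's own code, that checks a hook directory for files Certbot would not run and for hooks that accounts other than the owner could modify. The function name `audit_hooks`, its OWNER argument and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Certbot hook directory.
# Usage: audit_hooks [DIR] [OWNER]
#   DIR   - hook directory; defaults to the path named in the thread
#   OWNER - account expected to own the hooks (assumed: root, because the
#           cron job in the thread runs certbot as root)
# Prints one "FINDING path" line per problem; returns 1 if any were found.
audit_hooks() {
    dir=${1:-/etc/letsencrypt/renewal-hooks/deploy}
    owner=${2:-root}
    findings=0

    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; return 1; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and an empty glob

        # Certbot only runs files in this directory that are executable.
        if [ ! -x "$f" ]; then
            echo "NOT_EXECUTABLE $f"; findings=$((findings + 1))
        fi

        # Group- or world-writable: another account could change code
        # that later runs with certbot's privileges.
        if [ -n "$(find -L "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE_BY_OTHERS $f"; findings=$((findings + 1))
        fi

        # Owned by an account other than the expected one.
        if [ -n "$(find -L "$f" ! -user "$owner" -print)" ]; then
            echo "UNEXPECTED_OWNER $f"; findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_hooks` with no arguments to check the default deploy directory; a mode of 0755 or 0700 with root ownership passes every check.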
