Environment variables do not show up in manual renewal

My domain is: cinteo.de

I ran this command: /usr/bin/certbot renew --manual --preferred-challenges=http --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/authenticator.sh --manual-cleanup-hook /etc/letsencrypt/renewal-hooks/post/cleanup.sh --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/deploy.sh --max-log-backups 20 -n --force-renewal

It produced this output:
Error output from authenticator.sh:
/etc/letsencrypt/renewal-hooks/pre/authenticator.sh: line 6: /webserver/dir/.well-known/acme-challenge/: Is a directory

My web server is (include version): The problem does not resolve around the web server

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Additional:

The authenticator.sh-script looks like:

CERT_DIR="/webserver/dir/.well-known/acme-challenge"
if [ ! -d "$CERT_DIR" ]; then
  mkdir -p "$CERT_DIR"
fi
echo "$CERTBOT_VALIDATION" > "$CERT_DIR/$CERTBOT_TOKEN"

The error you can see above, indicates that the echo command cannot work with the variables. Although the documentation[0] indicates, that there will be those variables injected to the script

[0] https://certbot.eff.org/docs/using.html

I think it’s because of where you put them. Scripts in /etc/letsencrypt/renewal-hooks/pre/ are automatically run as if you specified them with --pre-hook, which has a different interface to --manual-auth-hook. I suspect it’s in that context that it’s producing the error you’re seeing. I’m not totally sure but you could easily test it by moving the script elsewhere. Same goes for /etc/letsencrypt/renewal-hooks/post/ of course.

2 Likes

So you think, I do not need to set the options for the hooks as they are run anyway?

EDIT: OK, this seems to fix the issue…thanks.

1 Like

You don’t need the options for pre/post/deploy hooks, but you do need them for manual auth / cleanup hooks. Glad you got it working!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.