Hooks and automatic renewal

My system: Debian 10, certbot 0.31.0

I just looked at whether upgrading certbot might solve my problem, but there aren't any Debian repositories provided by Let's Encrypt and no Flatpak, so 0.31.0 will have to do. I avoid snapd.

That being said: I need a cert in p12 format. For this I wrote a script that takes the key, the chain and the cert and converts them to pfx/p12. Afterwards, it restarts the service requiring the p12.

Now I want to add a renewal hook. The documentation lacks somewhat in this regard. It seems to discourage the use of /etc/letsencrypt/renewal-hooks/ and its subdirectories. The way to go seems to be to add the hook to the config file, but I cannot find documentation about the supported options and valid values. Yes, I found the warning that manually editing the file might break it, which doesn't surprise me considering its documentation. Of course, I could just renew manually and set the --post-hook parameter, but I can't do that right now as the cert … … … never mind, there's a --force-renewal option.

In case anyone ever stumbles upon the same problem, the hook has been added in this way to the cert's config file:

# Options used in the renewal process
account = <id>
authenticator = nginx
server = https://acme-v02.api.letsencrypt.org/directory
post_hook = /usr/local/bin/pem2pfx.sh

Honestly, I love Let's Encrypt, the EFF and what they've done for the internet. But documentation does not seem to be their strength, and some decisions, like the one concerning snapd without also supporting Flatpak, are beyond my understanding.

However, thanks for your attention.

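A conversion hook of the kind described in the post above, as an added example that is not the poster's script or part of certbot. The function name, the passphrase file and all paths in the comments are assumptions; `privkey.pem`, `cert.pem` and `chain.pem` are the standard file names in a certbot lineage directory.

```shell
#!/bin/sh
# Added example: one possible body for a hook such as /usr/local/bin/pem2pfx.sh.
# All paths and the service name mentioned below are placeholders.

# pem_to_p12 LIVE_DIR OUT_FILE PASS_FILE
# Bundles privkey.pem + cert.pem + chain.pem into a PKCS#12 file.
# The passphrase is read from a file so it never appears in the process list,
# and the output is written 0600 and moved into place atomically.
pem_to_p12() {
    live_dir=$1 out=$2 pass_file=$3

    for f in "$live_dir/privkey.pem" "$live_dir/cert.pem" \
             "$live_dir/chain.pem" "$pass_file"; do
        [ -r "$f" ] || { echo "pem2pfx: cannot read $f" >&2; return 1; }
    done

    # Refuse to bundle a key that does not belong to the certificate:
    # both commands print the public key as PEM, so the text must match.
    cert_pub=$(openssl x509 -in "$live_dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$live_dir/privkey.pem" -pubout) || return 1
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "pem2pfx: private key does not match certificate" >&2
        return 1
    fi

    (
        umask 077                        # temp file is never group/world readable
        tmp=$(mktemp "$out.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT         # no partial file left behind on failure
        openssl pkcs12 -export \
            -inkey "$live_dir/privkey.pem" \
            -in "$live_dir/cert.pem" \
            -certfile "$live_dir/chain.pem" \
            -passout "file:$pass_file" \
            -out "$tmp" || exit 1
        mv -f "$tmp" "$out"              # same directory, so the rename is atomic
    )
}

# In the hook itself the function would be called with real paths and the
# consuming service restarted only on success, for example:
#   pem_to_p12 /etc/letsencrypt/live/<name> /path/to/out.p12 /path/to/passfile \
#       && systemctl restart <service>
```

Keep the passphrase file and the output directory readable by root (or the consuming service's user) only, since the `.p12` contains the private key.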