My system: Debian 10, certbot 0.31.0
I just looked if upgrading certbot might solve my problem but there aren't any Debian repositories provided by Let's Encrypt and no Flatpak, so 0.31.0 will have to do. I avoid snapd.
That being said: I need a cert in p12 format. For this I wrote a script that takes the key, the chain and the cert and converts them to pfx/p12. Afterwards, it restarts the service requiring the p12.
Now I want to add a renewal hook. The documentation lacks somewhat in this regard. It seems to discourage the use of
/etc/letsencrypt/renewal-hooks/ and its subdirectories. The way to go seems to add the hook to the config file but I cannot find documentation about the supported options and valid values. Yes, I found the warning that manually editing the file might break it which doesn't surprise me considering its documentation. Of course, I could just renew manually and set the
--post-hook parameter but I can't do that right now as the cert … … … never mind, there's a
In case anyone ever stumbles upon the same problem the hook has been added in this way to the cert's config file:
# Options used in the renewal process [renewalparams] account = <id> authenticator = nginx server = https://acme-v02.api.letsencrypt.org/directory post_hook = /usr/local/bin/pem2pfx.sh
Honestly, I love Let's Encrypt, the EFF and what they've done for the internet. But documentation does not seem to be their strength, and some decisions like the one considering snapd without also supporting flatpak are beyond my understanding.
However, thanks for your attention.