How to renewal a certificate and execute a script?

Andrei9385 · December 25, 2020, 11:35am

Hello. I am new to Linux.

I have issued a certificate. The command line tells me that in order to renew the certificate, I must execute the renewal certificate. I also have a script that copies certificates.

How do I add certificate renewal and execution of my script to the task scheduler?

Like this ? Some examples:

0 0 0 ? * * * certbot certonly post-hook /opt//script.sh
or
0 0 0 ? * * *certbot certonly && /opt//script.sh
or
0 0 0 ? * * *certbot certonly post-hook /opt//script.sh
or
0 0 0 ? * * *certbot certonly post-hook && /opt//script.sh

JuergenAuer · December 25, 2020, 11:38am

Hi @Andrei9385

if you use Certbot, there are some Certbot command line and script options you can use.

See

pre-and-post-validation-hooks

and --deploy-hook

Andrei9385 · December 25, 2020, 1:27pm

Why i got error ?

root@certbot:~# certbot renew --cert-name vpn.ladesol-tambov.com --force-renewal --deploy-hook /opt/letsencrypt-routeros/letsencrypt-routeros.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/vpn.ladesol-tambov.com.conf

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (vpn.ladesol-tambov.com) from /etc/letsencrypt/renewal/vpn.ladesol-tambov.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vpn.ladesol-tambov.com/fullchain.pem (failure)

rg305 · December 25, 2020, 2:28pm

Please show this file:

schoen · December 26, 2020, 4:43am

A deploy hook is not sufficient to perform a renewal with --manual; you also need an auth hook.

The deploy hook is used to copy the certificates after they're obtained, while the auth hook is used to satisfy the certificate authority's challenges in order to permit the certificate to be issued.

system · January 25, 2021, 4:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.