Howto script certbot running hooks only once


#1

I have some domains with certificates.
Now l want a script which could run only once pre hook (e.g. stop httpd, delete old certs). Then checks/renew all certs. After certbot has all done, then there should be run only one post hook (e.g. restart httpd, postfix, dovecot, copy files…)

Is that possible, perhaps with an example?

Mandy thanks.


#2

If you’re running a recent enough version of certbot, just drop your before script in /etc/letsencrypt/renewal-hooks/pre and your after script in /etc/letsencrypt/renewal-hooks/post.

(If these two directories exist on your system then they’ll work. If they’re not there, it’s too old.)

If you’re running an older version of certbot, you have to instruct certbot to run the hooks when issuing the certificate, e.g.:

certbot certonly --standalone -d domain1.com,www.domain1.com --pre-hook /usr/local/bin/certbot-pre.sh --post-hook /usr/local/bin/certbot-post.sh
certbot certonly --standalone -d domain2.com,www.domain2.com --pre-hook /usr/local/bin/certbot-pre.sh --post-hook /usr/local/bin/certbot-post.sh

Even though you have to define it for every certificate you want it to run for, certbot will only call it once as long as the commands are identical.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.