Integer value output for certbot


#1

If I am not mistaking, currently, there is no way to force certbot to return integer value output for either success or failure conditions. It would be good to have such 0 - success, 1 - error mode so that it enables automation script development in a more conventional manner.

Meanwhile, perhaps someone could suggest a workaround where given the certbot certonly command is issued, one can obtain the result and parse it in a boolean manner to guide the script logic to appropriate paths’s?


#2

This is a snippet from my renewal script:

$LETSOP --rsa-key-size 4096 --webroot --webroot-path $WWWR -d $HOST
RETCOD=$?
fusermount -u $WWWR
if [ $RETCOD -ne 0 ]
then
echo ------------------------- failed
else
echo good

This dates back to before letsencrypt-auto had the renewal feature (and was not called certbot). It does indeed return 0 if the certificate could not be acquired, nonzero otherwise.

The same script has lots of openssl-fu to check the expiry of the locally held certificates, as well as on the servers to which they are deployed, and pushing certs and restarting services on those servers. Maybe I should clean it up and publish it.


#3

Hi @maxpavlov, my recollection is that Certbot is supposed to exit 0 for success and 1 for failure. I just did an experiment with a --force-renew on an existing domain resulting in successful renewal (exit code 0), and an attempt to --expand a certificate to include a domain name that I don’t actually own (exit code 1 following error from the server). So, it seems clear with me that we commonly do get meaningful information in the exit code.

Could you give an example of a command line that you ran and an unexpected or apparently incorrect exit code that you saw as a result?

(I don’t currently remember whether certbot renew in particular distinguishes between “one or more certificates successfully renewed” and “no certificates were due for renewal”, which might be an important case.)


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.