If I am not mistaking, currently, there is no way to force certbot to return integer value output for either success or failure conditions. It would be good to have such 0 - success, 1 - error mode so that it enables automation script development in a more conventional manner.
Meanwhile, perhaps someone could suggest a workaround where given the certbot certonly command is issued, one can obtain the result and parse it in a boolean manner to guide the script logic to appropriate paths’s?
This is a snippet from my renewal script:
$LETSOP --rsa-key-size 4096 --webroot --webroot-path $WWWR -d $HOST
RETCOD=$?
fusermount -u $WWWR
if [ $RETCOD -ne 0 ]
then
echo ------------------------- failed
else
echo good
This dates back to before letsencrypt-auto had the renewal feature (and was not called certbot). It does indeed return 0 if the certificate could not be acquired, nonzero otherwise.
The same script has lots of openssl-fu to check the expiry of the locally held certificates, as well as on the servers to which they are deployed, and pushing certs and restarting services on those servers. Maybe I should clean it up and publish it.
Hi @maxpavlov, my recollection is that Certbot is supposed to exit 0 for success and 1 for failure. I just did an experiment with a --force-renew on an existing domain resulting in successful renewal (exit code 0), and an attempt to --expand a certificate to include a domain name that I don’t actually own (exit code 1 following error from the server). So, it seems clear with me that we commonly do get meaningful information in the exit code.
Could you give an example of a command line that you ran and an unexpected or apparently incorrect exit code that you saw as a result?
(I don’t currently remember whether certbot renew in particular distinguishes between “one or more certificates successfully renewed” and “no certificates were due for renewal”, which might be an important case.)
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.