If I am not mistaken, currently, there is no way to force certbot to return an integer value output for either success or failure conditions. It would be good to have such a 0 - success, 1 - error mode so that it enables automation script development in a more conventional manner.
Meanwhile, perhaps someone could suggest a workaround where, given that the certbot certonly command is issued, one can obtain the result and parse it in a boolean manner to guide the script logic to the appropriate paths?
$LETSOP --rsa-key-size 4096 --webroot --webroot-path "$WWWR" -d "$HOST"
# save the exit status immediately, before fusermount overwrites $?
RETCOD=$?
fusermount -u "$WWWR"
if [ $RETCOD -ne 0 ]
then
    echo ------------------------- failed
else
    echo good
fi
This dates back to before letsencrypt-auto had the renewal feature (and was not called certbot). It does indeed return 0 if the certificate could not be acquired, nonzero otherwise.
The same script has lots of openssl-fu to check the expiry of the locally held certificates, as well as on the servers to which they are deployed, and pushing certs and restarting services on those servers. Maybe I should clean it up and publish it.
Hi @maxpavlov, my recollection is that Certbot is supposed to exit 0 for success and 1 for failure. I just did an experiment with a --force-renew on an existing domain resulting in successful renewal (exit code 0), and an attempt to --expand a certificate to include a domain name that I don’t actually own (exit code 1 following error from the server). So, it seems clear to me that we commonly do get meaningful information in the exit code.
Could you give an example of a command line that you ran and an unexpected or apparently incorrect exit code that you saw as a result?
(I don’t currently remember whether certbot renew in particular distinguishes between “one or more certificates successfully renewed” and “no certificates were due for renewal”, which might be an important case.)
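For the case raised in the last paragraph, where exit code 0 may not say whether a certificate was actually replaced, a script can combine the exit code with a before/after comparison of the certificate file. This is an added example, not code from any poster in this thread or from Certbot; the function names and the three-way return convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the outcome of an issuance/renewal command.
# issue_and_classify and cert_digest are hypothetical helper names.
#
# Usage: issue_and_classify CERT_FILE COMMAND [ARGS...]
# Returns: 0 = command succeeded and CERT_FILE changed (new certificate)
#          2 = command succeeded but CERT_FILE is unchanged (nothing replaced)
#          1 = command exited non-zero (failure)

cert_digest() {
    # Checksum of the certificate file, or "absent" if it does not exist yet.
    if [ -f "$1" ]; then
        cksum < "$1"
    else
        echo absent
    fi
}

issue_and_classify() {
    cert=$1
    shift
    before=$(cert_digest "$cert")

    # Run the command inside `if` so that a failure does not abort a caller
    # running under `set -e`, and record the status at once, before any
    # cleanup command can overwrite $?.
    if "$@"; then rc=0; else rc=$?; fi

    if [ "$rc" -ne 0 ]; then
        echo "issuance command failed with exit code $rc" >&2
        return 1
    fi

    after=$(cert_digest "$cert")
    if [ "$before" = "$after" ]; then
        return 2    # success reported, but the certificate file did not change
    fi
    return 0        # success and a new certificate is on disk
}

# Example call (path and domain are placeholders):
#   issue_and_classify /etc/letsencrypt/live/example.com/fullchain.pem \
#       certbot renew
```

Only the 0 result needs to trigger the deploy-and-restart steps; 1 should raise an alert so that a failing renewal does not go unnoticed until the certificate expires.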