I am running on Windows Server 2016. I am using the latest version from the beta installer.
I’ve written a renewal-hook and placed it in the deploy folder at C:\Certbot\renewal-hooks\deploy\convert.bat and verified it works when forcing a renewal. It takes the PEM files, converts them as necessary and places them in the network share. Great!
Now, I thought from Windows assume identity that this would also happen the first time I requested the certificate using certbot certonly -n --webroot --agree-tos --email foo@bar.com -d www.baz.com -w '//my/remote/share$' but the deploy hook doesn’t run.
Is there any option to run my hook when requesting the certificate the first time?
Agreed, that does not seem ideal. The documentation calls it out:
You can also specify hooks by placing files in subdirectories of Certbot’s configuration directory. Assuming your configuration directory is /etc/letsencrypt, any executable files found in /etc/letsencrypt/renewal-hooks/pre, /etc/letsencrypt/renewal-hooks/deploy, and /etc/letsencrypt/renewal-hooks/post will be run as pre, deploy, and post hooks respectively when any certificate is renewed with the renew subcommand
but I suspect many users (myself included) would overlook that detail.
You could emulate the behavior you want with /etc/letsencrypt/cli.ini:
deploy-hook = /path/to/hook
Though I’m not sure whether it will have unintended consequences for other Certbot commands. Doesn’t seem to, but I’m not an expert in how Certbot’s CLI arguments get processed.