Hi, I'm running certbot_renewal to renew multiple SSL certificates at the same time. I would like to run a script at the end of the multiple SSL certificated renewal. Should I write my script into the deploy or post hook? I want to run my app only after the last renewed SSL certificate.
I just run a test on 11 ssl certificate to renew so I put a script in the deploy and post hoot as follow:
for the deploy hook: now =$(date)
echo "$now" >> /root/sysmgm/scripts/acme/test/howmanydeploy.txt
for the post hook: now =$(date)
echo "$now" >> /root/sysmgm/scripts/acme/test/howmanypost.txt
The file hownamnydeploy.txt was written every ssl cert renewal as follow:
Mon Dec 13 00:38:24 PST 2021
Mon Dec 13 00:38:34 PST 2021
Mon Dec 13 00:38:47 PST 2021
Mon Dec 13 00:39:05 PST 2021
Mon Dec 13 00:39:16 PST 2021
Mon Dec 13 00:39:28 PST 2021
Mon Dec 13 00:39:40 PST 2021
Mon Dec 13 00:39:51 PST 2021
Mon Dec 13 00:40:08 PST 2021
Mon Dec 13 00:40:19 PST 2021
Mon Dec 13 00:40:36 PST 2021
The file howmanypost was written only one time:
Mon Dec 13 00:40:41 PST 2021
From the date you can see that the howmaypost was written only once at the end of the all multiple ssl renewal.
I deduct that the post-hook script is called only once at the end of the renewal process..
Your post implies that you only want to run your script once (after all renewals have been processed).
But the question is: Do you want to only run when a cert has been renewed OR do you always want it to run after each renewal check?
But wouldn't it do that once always (no matter if any certs were renewed or not)?
yes you are correct the exact command I'm using is : certbot renew!
In the previous post I didn't realize that I posted an ansible wrapper for the same command, my ansible certbot_renew (not certbot_renewal this was a typo) contains the following code:
THIS IS AN ANSIBLE MANAGED SCRIPT - DO NOT EDIT
This script is meant to be run as part of a cron job to renew this systems