My domain is:
eclectichouston.com
I ran this command:
certbot renew -vv --dry-run --pre-hook "root-certbot-pre-hook" --post-hook "root-certbot-post-hook"
It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Notifying user: Processing /etc/letsencrypt/renewal/eclectichouston.com.conf
Processing /etc/letsencrypt/renewal/eclectichouston.com.conf
Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f172145fe50> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f172145fe50>
Var dry_run=True (set by user).
Var server={'staging', 'dry_run'} (set by user).
Var dry_run=True (set by user).
Var server={'staging', 'dry_run'} (set by user).
Var account={'server'} (set by user).
Starting new HTTP connection (1): r11.o.lencr.org:80
http://r11.o.lencr.org:80 "POST / HTTP/1.1" 200 504
OCSP response for certificate /etc/letsencrypt/archive/eclectichouston.com/cert9.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/eclectichouston.com/cert9.pem is: OCSPCertStatus.GOOD
Certificate not due for renewal, but simulating renewal for dry run
Requested authenticator webroot and installer apache
Apache version is 2.4.52
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f172191b9d0>
Prep: True
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f172191ba30>
Prep: True
Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f172191ba30> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f172191b9d0>
Plugins selected: Authenticator webroot, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/10636003', new_authzr_uri=None, terms_of_service=None), 6b25055da46b10d0531fb4b210e744ae, Meta(creation_dt=datetime.datetime(2019, 8, 19, 12, 34, 38, tzinfo=), creation_host='thule-droplet', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
^CExiting due to user request.
My web server is (include version):
apache2 b2.4.52-1ubuntu4.13
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.21.0-1build1
I need to run a script to disable my firewall to allow renewal to work.
If I run the script manually and then run certbot manually it works.
I am trying to run the script using --prehook, but it does not run. The renewal still hangs when certbot tries to contact https://acme-staging-v02.api.letsencrypt.org/directory
The script is in the path (I got that error originally, but fixed it).
It appears the pre-hook script does not run early enough in the process to drop the firewall in time. Is that what is happening?
Should there be some output related to the pre-hook script? I don't see anything.