Question: What information do renewal-related scripts need access to?


#1

Hi folks,

There is a pull request to add support for “renew hooks”:

The goal of this feature is to make it easy to run your own scripts during the renewal process, possibly based on the outcome of the renewal attempt. A simple example is that one script could be run to stop your web server (if you need the standalone authenticator, for example) before beginning renewal and then to restart the server after renewal is complete.

The new code defines three different kinds of hooks that you can optionally ask the client to run for you under particular circumstances:

  1. before obtaining any certs
  2. after obtaining all certs
  3. after a specific lineage is renewed

For the third case, the code provides two environment variables, RENEWED_LINEAGE (a reference to the live directory containing the objects associated with the successful renewal) and RENEWED_DOMAINS (a list of all of the subject domains that were successfully renewed).

Are there other kinds of information that you would like to see made available in environment variables, that might be useful for your own shell scripts in some way?


#2

Not exactly information, but order of information. There should be a built-in function to get the list of certs in order of their expiration date.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.