Renewal-hook working or not

Hello,

I added a renewal-hook by creating in the directory /etc/letsencrypt/renewal-hooks/deploy a file named coturn which contains the lines below. This hook is supposed to copy the fullchain and the privkey files into the directory /etc/turnserver.
But nothing happened. I copied these files myself manually. Maybe the reason is that the certificate isn't due for renewal yet.
My question is: how do I know if this hook is working correctly before the certificate is due for renewal?

#!/bin/bash -e
for certfile in fullchain.pem privkey.pem ; do
    cp -L /etc/letsencrypt/live/<turn.example.com>/"${certfile}" /etc/turnserver/"${certfile}".new
    chown turnserver:turnserver /etc/turnserver/"${certfile}".new
    mv /etc/turnserver/"${certfile}".new /etc/turnserver/"${certfile}"
done
systemctl kill -sUSR2 coturn.service

1 Like

I like to write to my own log file inside a custom script like that. It helps me know when and what it does. Just a simple echo or logger command for example.

That hook only runs when a cert is newly issued (or renewed).

You should be able to test its operation with:

sudo certbot renew --dry-run --run-deploy-hooks

See the full explanation of --run-deploy-hooks with --dry-run here:

https://eff-certbot.readthedocs.io/en/latest/using.html#certbot-command-line-options

3 Likes
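An added example, not code from either post above: a variant of the deploy hook that writes its own log file, as suggested in the reply, and reads the certificate directory from the RENEWED_LINEAGE variable that certbot exports to deploy hooks. The function name and the DEST_DIR, HOOK_LOG, CERT_OWNER and RELOAD_CMD overrides are assumptions made so the hook can be exercised against a scratch directory.

```shell
#!/bin/bash
# Added example, not the original poster's script.
# Hypothetical names: deploy_coturn_cert, DEST_DIR, HOOK_LOG, CERT_OWNER, RELOAD_CMD.
# certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.

deploy_coturn_cert() {
    local lineage dest log owner f tmp
    lineage="${RENEWED_LINEAGE:-}"
    dest="${DEST_DIR:-/etc/turnserver}"
    log="${HOOK_LOG:-/var/log/coturn-deploy-hook.log}"
    owner="${CERT_OWNER:-turnserver:turnserver}"
    [ -n "$lineage" ] || { echo "RENEWED_LINEAGE not set" >&2; return 1; }

    # Check both inputs before touching the live coturn files.
    for f in fullchain.pem privkey.pem; do
        if [ ! -r "$lineage/$f" ]; then
            echo "$(date -u +%FT%TZ) ERROR cannot read $lineage/$f" >> "$log"
            return 1
        fi
    done
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/$f.new"
        rm -f "$tmp"
        # umask 077 in a subshell: the copy is never group- or world-readable.
        ( umask 077 && cp -L "$lineage/$f" "$tmp" ) || return 1
        chown "$owner" "$tmp" || return 1
        mv "$tmp" "$dest/$f" || return 1
        echo "$(date -u +%FT%TZ) installed $dest/$f from $lineage" >> "$log"
    done
    # RELOAD_CMD is overridable so the hook can be tested without coturn running.
    ${RELOAD_CMD:-systemctl kill -sUSR2 coturn.service} || return 1
    echo "$(date -u +%FT%TZ) reload signal sent" >> "$log"
}

# certbot sets RENEWED_LINEAGE when it runs the hook; without it, do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then deploy_coturn_cert; fi
```

After a run, the log file shows one "installed" line per file plus the reload line, or an ERROR line naming the file that could not be read.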