Running certbot behind proxy

reismade · June 15, 2021, 10:20am

Hi,

I'm running certbot on a server (RHEL 8) behind a company proxy. It works well if I set the proxy via environment variable (export https_proxy=...). After I set https_proxy, the auto-renewal worked for quite a while.

However, during the last maintenance window, probably some RHEL update was installed, or whatever it was, but https_proxy wasn't set anymore. I didn't notice, and some certs expired. I need a more permanent way to set the proxy. I know how to do it when it's triggered by a cron job, but since I installed the certbot as a snap, I don't have a clue anymore what exactly triggers the certbot or where to set the proxy. Please advice.

Regards,
Mario

_az · June 15, 2021, 10:28am

Since it is a systemd unit, something like this might work:

$ cat /etc/systemd/system/snap.certbot.renew.service.d/override.conf
[Service]
Environment=HTTPS_PROXY=https://192.168.0.1

(can also create the file by using systemctl edit snap.certbot.renew.service and pasting the two lines in).

_az · June 15, 2021, 11:16am

Also don't forget to systemctl daemon-reload afterwards for it to take effect!

system · July 15, 2021, 11:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.