SAN in pre-/post-hook


#1

I am trying to setup auto renewal of the certificates for my domain. The cert is for a server which doesn’t server static content. Letsencrypt is configured to use a ‘standalone’ authenticator. Before renewing the certs I need to shutdown the server so that Letsenrypt can verify control of the domain in the standalone mode (and start the server back up).

The SAN for the certificate being renewed can be obtained (in the deploy hook) from the $RENEWED_LINEAGE and/or $RENEWED_DOMAINS indirectly. Are these variables available in pre- and post- hook as well? If not how can one get the SAN in these hooks?


#2

The pre/post hooks do not know about the certificates or domains.

There is a feature request open: https://github.com/certbot/certbot/issues/6722

This usecase where actual pre- and post- hooks would be domain specific certainly wasn’t on the table when designing the hook functionality.