SAN in pre-/post-hook

lakshsubra · March 28, 2019, 10:57pm

I am trying to setup auto renewal of the certificates for my domain. The cert is for a server which doesn’t server static content. Letsencrypt is configured to use a ‘standalone’ authenticator. Before renewing the certs I need to shutdown the server so that Letsenrypt can verify control of the domain in the standalone mode (and start the server back up).

The SAN for the certificate being renewed can be obtained (in the deploy hook) from the $RENEWED_LINEAGE and/or $RENEWED_DOMAINS indirectly. Are these variables available in pre- and post- hook as well? If not how can one get the SAN in these hooks?

_az · March 28, 2019, 11:14pm

The pre/post hooks do not know about the certificates or domains.

There is a feature request open: Feature request: add environment variable CERTBOT_DOMAIN to all applicable hooks · Issue #6722 · certbot/certbot · GitHub

This usecase where actual pre- and post- hooks would be domain specific certainly wasn't on the table when designing the hook functionality.

system · April 27, 2019, 11:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.