Setting environmental variables for hooks with cli.ini

I have such setup:

  • /var/apps/ script which does something and sends a email notification
  • cli.ini contains renew-hook = /var/apps/

It works OK but there is a small problem: I have to put email addresses into If only addresses could come from somewhere else I’d put the script into a git repository and use it on all servers without any changes.

The best option would be the same cli.ini since I have to manually set the renew hook there anyways.

As I see it I can set environments variables for hooks in cli.ini like

renew-hook = MY_EMAIL=kaka@shino.bu /var/apps/ # Quoting required mby?
disable-hook-validation = True

I tried running the execute() function from certbot/certbot/ manually with commands like MY_EMAIL=kaka@shino.bu /var/apps/ and $MY_EMAIL was set in but it looks ugly to me putting vars into commands. Besides ugliness it breaks some logging logic in execute() because of

def execute(shell_cmd):
    """Run a command.
    :returns: `tuple` (`str` stderr, `str` stdout)"""

    # universal_newlines causes Popen.communicate()
    # to return str objects instead of bytes in Python 3
    cmd = Popen(shell_cmd, shell=True, stdout=PIPE,
                stderr=PIPE, universal_newlines=True)
    out, err = cmd.communicate()
    base_cmd = os.path.basename(shell_cmd.split(None, 1)[0]) # <========= THIS
    if out:'Output from %s:\n%s', base_cmd, out)
    if cmd.returncode != 0:
        logger.error('Hook command "%s" returned error code %d',
                     shell_cmd, cmd.returncode)
    if err:
        logger.error('Error output from %s:\n%s', base_cmd, err)
    return (err, out)

Is there some other way to set environmental variables for hooks in cli.ini? Mby there is some undocumented cli option like --set-hook-env X=Y ?

Hi @dandelionred,

There is a Unix program called env that sets environment variables before executing a particular specified command line. You should be able to use env MY_EMAIL=kaka@shino.bu /var/apps/ with the effect that you wanted.

I’m aware of env. There is no significant difference between env MY_EMAIL=kaka@shino.bu /var/apps/ and running MY_EMAIL=kaka@shino.bu /var/apps/ in shell (which is what execute() does behind the scenes): both put the variable into the hook’s environment. And both strings are ugly as commands and break the logging logic.

Sorry, I was confused about what you were looking for! Unfortunately, I don’t think there are other features in Certbot right now that will be helpful to you this way.

Thanks, I’ll post it into suggestions then.

Hi @dandelionred,

You can create a file like /etc/letsencrypt/myvars and source it from your script.


I want all certbot settings to be in a single place. Like /etc/letsencrypt/cli.ini containing

renew-hook = /var/apps/
hook-env = MY_EMAIL=kaka@shino.bu

Feature request thread: Cli option to set enviromnent variables for hooks

You should open that feature request directly on cerbot’s github site

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.