I created a docker container that has nginx with letsencrypt built-in. It is running on ubuntu. Letsencrypt is cloned from the git repo. I have a couple of questions about how to properly update it.
I have been running a cron script every night that does the following:
git pull (to update the local files)
letsencrypt-auto -h (to let the script update its dependencies)
figure out the age of the certs, if older than 60 days, renew using letsencrypt-auto, if not, do nothing
The above was working fine until yesterday, when the letsencrypt-auto script got updated to 0.5.0. Now, git pull is giving errors due to a locally modified file (letsencrypt-auto).
What is the best protocol for keeping the letsencrypt client up-to-date?
@aptalca, what happened here is that letsencrypt-auto is self-updating. That is, letsencrypt-auto will modify itself as updates become available. This is what is causing the problems with git pull.
The best way to keep letsencrypt up to date is simply to run letsencrypt-auto. All other files from our GitHub page are unused by the script.
When we release a new version of letsencrypt-auto and you run your local copy, letsencrypt-auto will download the update and overwrite itself with the new version. Additionally, all Python packages required by letsencrypt will be updated as well.
Additionally, I believe I can simplify your renewal setup. The client has a subcommand called renew that renews your certificates only if they are within 30 days from expiration. Documentation on this flag can be found here.
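A nightly cron wrapper built on the renew subcommand described above, with a check that flags certificates still inside the 30-day window after renew has run. This is an added example, not part of the original posts or the Let's Encrypt project's code. The install path and the function names are assumptions; the live directory is the client's default.

```shell
#!/bin/sh
# Added example. Assumptions: LE_AUTO path, function names, nightly cron use.
LE_AUTO="${LE_AUTO:-/opt/letsencrypt/letsencrypt-auto}"  # assumed install path
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"            # client's default cert directory
WARN_DAYS="${WARN_DAYS:-30}"                             # same window that renew uses

# Return 0 if the certificate $1 expires within $2 days.
# Missing or unparsable files also return 0, so they get reported.
cert_expires_within() {
    [ -r "$1" ] || return 0
    # openssl -checkend N exits non-zero when the cert expires within N seconds
    if openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print each <dir>/<name>/cert.pem under $1 that expires within $2 days.
stale_certs() {
    for c in "$1"/*/cert.pem; do
        [ -e "$c" ] || continue
        if cert_expires_within "$c" "$2"; then
            echo "$c"
        fi
    done
}

# Let letsencrypt-auto update itself and renew what is due, then verify.
nightly_renew() {
    "$LE_AUTO" renew || echo "letsencrypt-auto renew exited non-zero" >&2
    stale="$(stale_certs "$LIVE_DIR" "$WARN_DAYS")"
    if [ -n "$stale" ]; then
        # A cert still inside the window after renew means renewal failed.
        echo "certificates within $WARN_DAYS days of expiry after renew:" >&2
        echo "$stale" >&2
        return 1
    fi
    nginx -s reload   # pick up any renewed certificates
}

# Only act when invoked as: script.sh --run (keeps the functions sourceable).
if [ "${1:-}" = "--run" ]; then
    nightly_renew
fi
```

Run from cron with `--run`; a non-zero exit and the stderr output make a failed renewal visible before the certificate actually expires.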
So I take it I can remove the git pull step and just rely on the auto script updating itself. I’ll make that change.
One question I have is, does one still need to clone the git repo initially (during first install), or would just pulling the auto script alone be sufficient?
The renew flag looks excellent. I’ll look into adopting it.