Using certbot with --renew-hook hangs

I have always renewed my certificates manually and have now decided to let certbot handle the renewal.
After the renewal it is necessary to copy all single certificates into a single bundle and restart some services.
I have written a really simple script for this which executes without problems.
But if the script is called from certbot it seems to hang and certbot does not finish.

I executed certbot (version 0.14.1) with:
certbot renew -q --renew-hook /usr/home/idefix/letsencrypt/create-haproxy-ssl-restart-all.sh

If I check the /var/log/letsencrypt/letsencrypt.log it contains:
2017-05-20 07:31:31,714:INFO:certbot.hooks:Running renew-hook command: /usr/home/idefix/letsencrypt/create-haproxy-ssl-restart-all.sh

A ps shows something strange. It seems that the script has somehow gone into <defunct> state.
root 23538 0.0 0.8 165684 62216 0 I+ 9:29AM 0:12.14 /usr/local/bin/python2.7 /usr/local/bin/certbot renew -q --renew-hook /usr/home/idefix/letsencrypt/create-haproxy-ssl-restart-all.sh
root 24943 0.0 0.0 0 0 0 Z+ 9:31AM 0:01.02 <defunct>
I’m not sure that the <defunct> belongs to the certbot process, but the time matches it (certbot does not log the current time, but maybe UTC to the logfile).

The script itself is really simple (I just replaced the default domain with a dummy value):
#!/bin/sh -e

CERTS_DIR=/usr/local/etc/letsencrypt/live
HAPROXY_DIR=/usr/local/etc/haproxy/certs

DEFAULT_DOMAIN=default_domain
DOMAINS=`cd $CERTS_DIR; find . -type d -depth 1 | sed s#\./##`

# Make sure the certificate and private files are never world readable
umask 077

mkdir -p ${HAPROXY_DIR}
rm -Rf ${HAPROXY_DIR}/*

echo "Add standard domain (${DEFAULT_DOMAIN}) in front of keyfile"
cat ${CERTS_DIR}/${DEFAULT_DOMAIN}/fullchain.pem ${CERTS_DIR}/${DEFAULT_DOMAIN}/privkey.pem > ${HAPROXY_DIR}/01-${DEFAULT_DOMAIN}.pem
for DOMAIN in $DOMAINS
do
        echo Add key for $DOMAIN
        cat ${CERTS_DIR}/${DOMAIN}/fullchain.pem ${CERTS_DIR}/${DOMAIN}/privkey.pem > ${HAPROXY_DIR}/${DOMAIN}.pem
done

chmod -R go-rwx ${HAPROXY_DIR}

echo "Restart haproxy"
killall haproxy; service haproxy restart

echo "Restart postfix"
service postfix restart

echo "Restart dovecot"
service dovecot restart

Does anyone have an idea why this script got a zombie and certbot never finished?

Thanks a lot.
Matthias
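
An added example, not part of the original post: one way to do the bundle step described above so that the HAProxy certificate directory is never left empty if the script stops partway (the posted script clears it with rm -Rf before rebuilding). The function name build_bundles and its three arguments are assumptions; here the default domain gets only the 01- prefixed bundle, and the service restarts are left out.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the poster's script).
# usage: build_bundles LIVE_DIR OUT_DIR [DEFAULT_DOMAIN]
# Runs in a subshell so umask and variables do not leak into the caller.
build_bundles() (
    live_dir=$1 out_dir=$2 default_domain=${3:-}
    umask 077                               # bundles contain private keys
    mkdir -p "$out_dir" || exit 1
    # Stage inside OUT_DIR so the final mv is a rename on one filesystem.
    stage=$(mktemp -d "${out_dir}/.stage.XXXXXX") || exit 1
    count=0
    for dir in "$live_dir"/*/; do
        domain=$(basename "$dir")
        chain="${dir}fullchain.pem" key="${dir}privkey.pem"
        # Skip incomplete lineages instead of writing a bundle without a key.
        if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
            echo "skip ${domain}: fullchain.pem or privkey.pem missing" >&2
            continue
        fi
        name="${domain}.pem"
        # The 01- prefix sorts the default certificate first, as in the post.
        [ "$domain" = "$default_domain" ] && name="01-${domain}.pem"
        cat "$chain" "$key" > "${stage}/${name}" || { rm -rf "$stage"; exit 1; }
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no complete lineage under ${live_dir}" >&2
        rm -rf "$stage"; exit 1             # existing bundles stay untouched
    fi
    # Replace each live bundle only after every new one was written.
    for f in "$stage"/*.pem; do
        mv -f "$f" "${out_dir}/${f##*/}" || { rm -rf "$stage"; exit 1; }
    done
    rm -rf "$stage"
)
```

Bundles for domains that no longer exist under the live directory are not removed by this function and would need a separate cleanup step.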
