Bug#838548: certbot: Please allow to easily set post-hooks

2017-10-04 Thread Brad Warren
This has been fixed in Certbot's 0.19.0 release.



Bug#838548: certbot: Please allow to easily set post-hooks

2017-07-01 Thread Johannes Keyser
On Sat, 25 Mar 2017 00:50:29 -0400 "Daniel Richard G." wrote:
> Hooks are not passed to the "certbot renew" command, but are instead
> saved in the /etc/letsencrypt/renewal/$DOMAIN.conf files.

Indeed, this is the case.
Below [renewalparams] you can specify:
pre_hook = /path/to/executable
renew_hook = /path/to/executable
post_hook = /path/to/executable

To try it, run "certbot --dry-run renew --cert-name MYDOMAIN". While
pre- and post-hooks always get executed, renew-hook scripts only get
executed if an actual renewal was done.
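
An added example, not part of the original message and not certbot's own code: a small audit that reads the pre_hook, renew_hook and post_hook values from a renewal file's [renewalparams] section and checks that each hook executable is safe for a root-run renewal job. The function names, the dummy "_top" section and the trusted_uid parameter are assumptions made for this sketch.

```python
import configparser
import os
import shlex
import stat

HOOK_KEYS = ("pre_hook", "renew_hook", "post_hook")  # names from the message above


def read_hooks(conf_text):
    """Return {key: command} for hooks set under [renewalparams]."""
    # Assumption: the file may have keys before the first section header,
    # which configparser rejects, so a dummy section is prepended.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[_top]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return {}
    params = parser["renewalparams"]
    return {k: params[k] for k in HOOK_KEYS if params.get(k)}


def audit_hook(command, trusted_uid=0):
    """List reasons why a hook command is unsafe to run as trusted_uid."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return ["unparsable command: %s" % exc]
    if not argv:
        return ["empty command"]
    exe = argv[0]
    if not os.path.isabs(exe):
        return ["not an absolute path: %s" % exe]
    try:
        st = os.stat(exe)
    except OSError:
        return ["missing: %s" % exe]
    findings = []
    if st.st_uid != trusted_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, trusted_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    if not st.st_mode & stat.S_IXUSR:
        findings.append("not executable by owner")
    return findings


def audit_renewal_conf(conf_text, trusted_uid=0):
    """Map each configured hook key to its list of findings."""
    hooks = read_hooks(conf_text)
    return {key: audit_hook(cmd, trusted_uid) for key, cmd in hooks.items()}
```

An empty list for a key means no finding; the text of a file under /etc/letsencrypt/renewal/ is passed in as conf_text.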



Bug#838548: certbot: Please allow to easily set post-hooks

2017-03-24 Thread Daniel Richard G.
Hello bug,

I think the original wishlist item is implemented as of 0.10.0. See
this (closed) issue:

https://github.com/certbot/certbot/issues/3394

Hooks are not passed to the "certbot renew" command, but are instead
saved in the /etc/letsencrypt/renewal/$DOMAIN.conf files.

Sylvain, could you give this functionality a try?



Bug#838548: certbot: Please allow to easily set post-hooks

2016-11-17 Thread Ondřej Surý
Package: certbot
Version: 0.9.3-1~bpo8+1
Followup-For: Bug #838548

Hi,

here's the patch consistent with Debian policies to accomplish that.

Cheers,
Ondrej

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-41-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages certbot depends on:
ii  dialog   1.2-20140911-1
ii  init-system-helpers  1.22
ii  python   2.7.9-1
ii  python-certbot   0.9.3-1~bpo8+1
pn  python:any   

certbot recommends no packages.

Versions of packages certbot suggests:
pn  python-certbot-apache  
pn  python-certbot-doc 

-- no debconf information

From f4b3b5b92aa37e8926a593ef1dc19965d553c288 Mon Sep 17 00:00:00 2001
From: Ondřej Surý
Date: Thu, 10 Nov 2016 10:06:23 +0100
Subject: [PATCH 3/4] Add {pre,post,renew} hooks with 'run-parts
 /etc/letsencrypt/{pre,post,renew}-hook.d/'

---
 debian/certbot.cron.d  | 2 +-
 debian/certbot.dirs| 3 +++
 debian/certbot.service | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 debian/certbot.dirs

diff --git a/debian/certbot.cron.d b/debian/certbot.cron.d
index dc2f28b..8da70cc 100644
--- a/debian/certbot.cron.d
+++ b/debian/certbot.cron.d
@@ -8,4 +8,4 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --pre-hook '/bin/run-parts /etc/letsencrypt/pre-hook.d/' --post-hook '/bin/run-parts /etc/letsencrypt/post-hook.d/' --renew-hook '/bin/run-parts /etc/letsencrypt/renew-hook.d/'
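Review bot: The added cron entry runs as root and, through run-parts, executes whatever is executable under /etc/letsencrypt/pre-hook.d/, post-hook.d/ and renew-hook.d/, yet nothing in the patch states that these directories and their contents must stay root-owned and not group- or world-writable. Please say so in the package documentation. The three hook options are also repeated verbatim in debian/certbot.service, so the two copies can drift apart; setting them once in a shared place, such as the /etc/letsencrypt/cli.ini mentioned elsewhere in this bug, would avoid that.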
diff --git a/debian/certbot.dirs b/debian/certbot.dirs
new file mode 100644
index 000..9b2a1e4
--- /dev/null
+++ b/debian/certbot.dirs
@@ -0,0 +1,3 @@
+/etc/letsencrypt/pre-hook.d/
+/etc/letsencrypt/post-hook.d/
+/etc/letsencrypt/renew-hook.d/
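Review bot: The three directories listed in debian/certbot.dirs ship empty and undocumented, and run-parts as invoked in this patch (without --regex or --lsbsysinit) silently skips any file whose name contains characters other than letters, digits, underscores and hyphens, so a hook named reload-nginx.sh would never run. A short note in the package documentation giving the naming rule and saying when each directory is run would prevent that. Style: debhelper .dirs entries are conventionally written without the leading slash, as in etc/letsencrypt/pre-hook.d.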
diff --git a/debian/certbot.service b/debian/certbot.service
index e7f143c..2f1363d 100644
--- a/debian/certbot.service
+++ b/debian/certbot.service
@@ -4,5 +4,5 @@ Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
 Documentation=https://letsencrypt.readthedocs.io/en/latest/
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/certbot -q renew
+ExecStart=/usr/bin/certbot -q renew --pre-hook '/bin/run-parts /etc/letsencrypt/pre-hook.d/' --post-hook '/bin/run-parts /etc/letsencrypt/post-hook.d/' --renew-hook '/bin/run-parts /etc/letsencrypt/renew-hook.d/'
 PrivateTmp=true
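Review bot: With the new ExecStart the hook scripts run inside the unit, so the PrivateTmp=true on the following line applies to them too, while the same hooks started from debian/certbot.cron.d see the real /tmp. A hook that exchanges files through /tmp will behave differently depending on which path triggered the renewal; please document this, or advise hook authors to avoid /tmp.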
-- 
2.1.4



Bug#838548: [Letsencrypt-devel] Bug#838548: certbot: Please allow to easily set post-hooks

2016-10-23 Thread Harlan Lieberman-Berg
tag 838548 +upstream
thanks

Sylvain writes:
> It would be nice if the default crontab would allow defining post-hooks
> without modifying the crontab, for example by running run-parts on a new
> /etc/letsencrypt/post-hook.d/ directory.

Hi Sylvain,

Definitely agreed.  I've been speaking to upstream about this, and they
feel very strongly that they'd prefer to integrate this support into
upstream proper, rather than shimming it in with run-parts.

In the meantime, you can work around this functionality by specifying
the hooks directly in the configuration file.  It's not an optimal
solution, since it will attempt to run the hooks even on non-renewals,
but it should work for your use case.

It's partially undocumented, but you can specify pre-hook, post-hook,
and renew-hook directly in the configuration file
/etc/letsencrypt/cli.ini

Hope that helps, and sorry for the delay.

Sincerely,
-- 
Harlan Lieberman-Berg
~hlieberman



Bug#838548: certbot: Please allow to easily set post-hooks

2016-09-22 Thread Sylvain
Package: certbot
Version: 0.8.1-2~bpo8+1
Severity: wishlist

The current certbot package creates a /etc/cron.d/certbot file that takes care
of renewing certificates. The only way to run post-hooks (e.g. to restart the
web server) at the moment is by modifying this file and adding the --post-hook
option.

It would be nice if the default crontab would allow defining post-hooks
without modifying the crontab, for example by running run-parts on a new
/etc/letsencrypt/post-hook.d/ directory.

Thanks,
Sylvain