[Certbot-dev] [Letsencrypt-devel] Certbot in Debian Stretch

Peter Eckersley pde at eff.org
Wed Nov 30 16:06:59 PST 2016


On Wed, Nov 30, 2016 at 10:34:11PM +0100, Christian Seiler wrote:
 
> Ah, and I ran my strace earlier with -e open,access, but after
> rechecking it, it does in fact check for the file's existence
> via stat(). I should remember to use -e open,access,stat when
> checking for file access with strace. [1]
> 
> And I just checked, putting post-hook = ... in there actually
> seems to work (renew -vvv says it won't run the post hook
> because nothing is to be renewed, but it won't print that
> message if I comment the line out). I do think you could also
> improve the documentation for the 'renew' command to mention
> that these hooks can be put in the central configuration file,
> and to recommend to people to do that instead of supplying
> them on the command line - that way people won't have the idea
> of modifying the cron job / systemd service for this kind of
> thing.

Defining hooks in cli.ini doesn't actually work in 0.9.3, but it sort of works
in git master, and will be properly solved for 0.10.0:

https://github.com/certbot/certbot/issues/3394
https://github.com/certbot/certbot/issues/3394#issuecomment-258579483

> 
> I've now created /etc/letsencrypt/cli.ini and removed my
> drop-in that modifies the systemd service. Thanks, this thread
> has already helped me make my setup saner. :)
> 
> Regards,
> Christian
> 
> [1] Probably should add openat,fstatat,faccessat to the list
>     as well.
> 
> 

-- 
Peter Eckersley                            pde at eff.org
Chief Computer Scientist          Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


More information about the Certbot-dev mailing list