[Certbot-dev] [Letsencrypt-devel] Certbot in Debian Stretch
Peter Eckersley
pde at eff.org
Wed Nov 30 16:06:59 PST 2016
On Wed, Nov 30, 2016 at 10:34:11PM +0100, Christian Seiler wrote:
> Ah, and I ran my strace earlier with -e open,access, but after
> rechecking it, it does in fact check for the file's existence
> via stat(). I should remember to use -e open,access,stat when
> checking for file access with strace. [1]
>
> And I just checked, putting post-hook = ... in there actually
> seems to work (renew -vvv says it won't run the post hook
> because nothing is to be renewed, but it won't print that
> message if I comment the line out). I do think you could also
> improve the documentation for the 'renew' command to mention
> that these hooks can be put in the central configuration file,
> and to recommend to people to do that instead of supplying
> them on the command line - that way people won't have the idea
> of modifying the cron job / systemd service for this kind of
> thing.
Defining hooks in cli.ini doesn't actually work in 0.9.3, but it sort of works
in git master, and will be properly solved for 0.10.0:
https://github.com/certbot/certbot/issues/3394
https://github.com/certbot/certbot/issues/3394#issuecomment-258579483
>
> I've now created /etc/letsencrypt/cli.ini and removed my
> drop-in that modifies the systemd service. Thanks, this thread
> has already helped me make my setup saner. :)
>
> Regards,
> Christian
>
> [1] Probably should add openat,fstatat,faccessat to the list
> as well.
>
>
--
Peter Eckersley pde at eff.org
Chief Computer Scientist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the Certbot-dev
mailing list