Created
February 5, 2017 15:11
-
-
Save wintermeyer/400fe8cc0aaf75d21e46349527f7bdfd to your computer and use it in GitHub Desktop.
certbot -q renew --renew-hook "service nginx reload"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/cron.d/certbot: crontab entries for the certbot package | |
# | |
# Upstream recommends attempting renewal twice a day | |
# | |
# Eventually, this will be an opportunity to validate certificates | |
# haven't been revoked, etc. Renewal will only occur if expiration | |
# is within 30 days. | |
SHELL=/bin/sh | |
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "service nginx reload" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@Freekers correct. Although, down below on the same doc's page it says
So, will
--pre-hook
and--post-hook
only be called if a certificate is actually to be obtained/renewed, not before and after every renewal attempt ?Sounds like a renewal attempt is when a certificate is actually to be obtained/renewed. One would think that a check for whether a certificate needs to be renewed at this time is part of a renewal attempt. Apparently, not.
So, basically, the only difference between
pre/post
anddeploy
in that sense is based on a chance of renewal failing, not whether it was "required"