Certbot pre and post validation hooks for Selectel (manual mode).
Inspired by official example
From oficial manual:
--dry-run
option for test "renew" or "certonly" without saving any certificates to disk. You can try it with--dry-run
first
--post-hook
option can be used to deploy renewed certificates, or to restart any servers that were stopped by --pre-hook. Not necessary.
certbot certonly \
-d [DOMAIN] \
--dry-run \
--manual \
--manual-public-ip-logging-ok \
--preferred-challenges=dns \
--manual-auth-hook /PATH/TO/certbot-selectel-hooks/authenticator.sh \
--manual-cleanup-hook /PATH/TO/certbot-selectel-hooks/cleanup.sh \
--post-hook /PATH/TO/post-hook.sh
If the certificate was issued earlier, but error «The manual plugin is not working;» was raised on renewal, run next command:
certbot -q renew \
--dry-run \
--manual \
--preferred-challenges=dns \
--manual-auth-hook /PATH/TO/certbot-selectel-hooks/authenticator.sh \
--manual-cleanup-hook /PATH/TO/certbot-selectel-hooks/cleanup.sh \
--post-hook /PATH/TO/post-hook.sh
post-hook.sh
#!/bin/bash
chown -R www-data:www-data /etc/letsencrypt/{live,archive}
systemctl reload nginx
exit 0