Thanks folks, all great answers! Not sure if there’s a best or correct answer. I did not know about certbot *.conf despite combing through the docs many times and I did not know about the systemctl override dir or the fact that you could copy that system file to the other dir and it would replace it, I figured that would make it run twice, good to know! The renewal/*.conf files seem to be created automatically, I certainly didn’t create those by hand, so modifying them looks like a bad idea. Maybe using a pre/post arg to the original certbot command will cause that to be added to these files on creation? I need to try that. Michael Grant From: Jim Popovitch On Wed, 2018-11-28 at 13:29 +0000, Michael Grant wrote: > In /lib/systemd/system/certbot.service > > The line to start certbot is: > ExecStart=/usr/bin/certbot -q renew > > If I modify this file by hand: > > ExecStart=/usr/bin/certbot -q --pre-hook /usr/local/bin/certbot- > prehook.sh renew > > The next time certbot is updated by apt, this file gets overwritten > and my change goes away. > > Could someone please tell me the proper place to modify certbot’s > default arg list or is there some systemctl command I should be doing > instead of modifying this file directly? Or.... is this a bug and > apt-get should warn me before overwriting this file on update? Is there a reason why you don't put "pre-hook /usr/local/bin/certbot-prehook.sh" in /etc/letsencrypt/renewal/*.conf ? -Jim P.
|