Thanks folks, all great answers! Not sure if there’s a best or correct answer.
I did not know about certbot *.conf despite combing through the docs many times and I did not know about the systemctl override dir or the fact that you could copy that system file to the other dir and it would replace it, I figured that would make it run twice, good to know!
The renewal/*.conf files seem to be created automatically, I certainly didn’t create those by hand, so modifying them looks like a bad idea. Maybe using a pre/post arg to the original certbot command will cause that to be added to these files on creation? I need to try that.
On Wed, 2018-11-28 at 13:29 +0000, Michael Grant wrote:
> In /lib/systemd/system/certbot.service
> The line to start certbot is:
> ExecStart=/usr/bin/certbot -q renew
> If I modify this file by hand:
> ExecStart=/usr/bin/certbot -q --pre-hook /usr/local/bin/certbot-
> prehook.sh renew
> The next time certbot is updated by apt, this file gets overwritten
> and my change goes away.
> Could someone please tell me the proper place to modify certbot’s
> default arg list or is there some systemctl command I should be doing
> instead of modifying this file directly? Or.... is this a bug and
> apt-get should warn me before overwriting this file on update?
Is there a reason why you don't put
in /etc/letsencrypt/renewal/*.conf ?