dietpi-letsencrypt hooks not executed Topic is solved

Arne
Posts: 3
Joined: Wed Oct 06, 2021 4:58 pm

dietpi-letsencrypt hooks not executed

Post by Arne »

Hello everyone,

I intend to not run an open port 80 in my Fritzbox router (all the time), but I intend to let my Raspberry Pi automatically renew its certificates.
To achieve this, I created a script that can open the port and another one that closes it. After quite some messing about, this part is successful.

I placed those scripts under /etc/letsencrypt/renewal-hooks/pre, respectively post directories.

Running certbot renew --force-renewal, those scripts are executed (I can see it in the terminal as well as on the router's configuration page, the port is shown open for the time), but if I use dietpi-letsencrypt, they seem not to be executed.
I am not sure if I would see them in the terminal, but definitely the router is not showing an open port.

Can anybody point me to where I might be able to adjust the command line used by dietpi-letsencrypt?
For now, I still need to do that work manually...
Joulinar
Posts: 5996
Joined: Sat Nov 16, 2019 12:49 am

Re: dietpi-letsencrypt hooks not executed

Post by Joulinar »

Usually there is nothing special about dietpi-letsencrypt, as we do nothing else than use certbot. Is your certificate already close to expiring? A renewal will only be triggered close to the expiration date. That means it's not done on a daily basis.
Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
Arne
Posts: 3
Joined: Wed Oct 06, 2021 4:58 pm

Re: dietpi-letsencrypt hooks not executed

Post by Arne »

Hey Joulinar,

thank you for your response. No, my certificate wasn't close to expiry. Hence I used on my manual execution the flag "--force-renewal" and on dietpi-letsencrypt selected option 2 when it prompted me that the certificate is not yet up for renewal. In both cases it attempted to renew it, but the execution of the scripts (visible by the opening and closing of the ports on the router) only happened on certbot.

Can you/anyone else tell me where the config files for dietpi-letsencrypt are located?
Joulinar
Posts: 5996
Joined: Sat Nov 16, 2019 12:49 am

Re: dietpi-letsencrypt hooks not executed

Post by Joulinar »

dietpi-letsencrypt doesn't have config files. It's nothing else than a wrapper/GUI for certbot. I guess you would need to wait until shortly before your certificates are going to expire to see if certbot will automatically invoke your hooks correctly.
MichaIng
Site Admin
Posts: 3357
Joined: Sat Nov 18, 2017 6:21 pm

Re: dietpi-letsencrypt hooks not executed

Post by MichaIng »

dietpi-letsencrypt does not force a renewal, hence it is expected that hooks for the renewal/deployment are not triggered when the certificate is now due for renewal. If it works with certbot --force-renewal, then it will work as well when the cron job triggers an actual auto-renewal.
Arne
Posts: 3
Joined: Wed Oct 06, 2021 4:58 pm

Re: dietpi-letsencrypt hooks not executed

Post by Arne »

Thank you MichaIng & Joulinar!

I guess I will wait then - but I would still expect dietpi-letsencrypt to do the same, including executing scripts, when it asks me to renew non-expired certificates before they are due. So I will create an additional script that will create a log so I can see what will happen in the background in some months...
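
Added example, not part of the original thread and not DietPi or certbot code: one way to build the hook logging described in the post above, so that an unattended renewal leaves a record of whether the pre and post hooks ran and whether port 80 was closed again. The log path and the wrapped open/close script paths are assumptions.

```shell
#!/bin/sh
# Shared helper to be sourced by the scripts placed in
# /etc/letsencrypt/renewal-hooks/pre and /etc/letsencrypt/renewal-hooks/post.
# Assumption: the log location below is hypothetical, adjust as needed.
HOOK_LOG="${HOOK_LOG:-/var/log/letsencrypt/port80-hooks.log}"

# Append one record: UTC timestamp, hook stage, action, exit status of the action.
log_hook() {
    stage=$1; action=$2; result=$3
    printf '%s %s %s status=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$stage" "$action" "$result" >> "$HOOK_LOG"
}

# Run the real port script and log its exit status, so a failed
# "close" is recorded instead of passing silently.
# Usage: run_hook <pre|post> <open|close> <command> [args...]
run_hook() {
    stage=$1; action=$2; shift 2
    rc=0
    "$@" || rc=$?
    log_hook "$stage" "$action" "$rc"
    return "$rc"
}

# Audit the log: print "open" if the last successful action opened
# port 80 and no successful close followed, otherwise "closed".
port_state() {
    [ -f "$HOOK_LOG" ] || { echo closed; return 0; }
    awk '
        $3 == "open"  && $4 == "status=0" { s = "open" }
        $3 == "close" && $4 == "status=0" { s = "closed" }
        END { print (s == "" ? "closed" : s) }
    ' "$HOOK_LOG"
}

# Example hook bodies (script paths are hypothetical):
#   pre/10-open-port80:    . /usr/local/lib/port80-hooks.sh
#                          run_hook pre open /usr/local/bin/fritz-open-port80
#   post/10-close-port80:  . /usr/local/lib/port80-hooks.sh
#                          run_hook post close /usr/local/bin/fritz-close-port80
```

Running port_state from a separate daily job gives an early warning if a renewal opened the port and the closing script failed.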
MichaIng
Site Admin
Posts: 3357
Joined: Sat Nov 18, 2017 6:21 pm

Re: dietpi-letsencrypt hooks not executed

Post by MichaIng »

Generally I think it is fine to not force a renewal when not required to not cause unnecessary load to client and ACME servers. dietpi-letsencrypt still applies the HTTPS configuration for the webservers. But probably we can add a separate forced renewal option to the menu.