Post Hook Lets Encrypt per domain from Ispconfig panel

Discussion in 'General' started by giovanni.four, Dec 2, 2021.

  1. giovanni.four

    giovanni.four New Member

    Hi Dear,
    I have to run a script after renewal for a specific domain (a website domain, not the ISPConfig server certificate).
    I'm a little confused. Can I do it directly from the ISPConfig control panel, or externally with the Let's Encrypt configuration file?
    Thanks.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. giovanni.four

    giovanni.four New Member

    "specific domain" means:
    IspconfigPanel -> Sites -> Open a "specific website" to edit website detail.
    Your indication seems global.
    Thanks.
     
  4. giovanni.four

    giovanni.four New Member

    My problem is that for dovecot and postfix I use the same SSL certificate installed in webmail.
    The Apache web server reloads the certificate after a letsencrypt renewal, while dovecot does not.
    I should check if the problem also shows up in postfix.
    Thanks.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

  6. giovanni.four

    giovanni.four New Member

    /etc/letsencrypt/renewal/domain_site.conf is rewritten in /usr/local/ispconfig/server/lib/classes/cron.d/900-letsencrypt.inc.php
    $marker_file = '/usr/local/ispconfig/server/le.restart';
    $cmd = "echo '1' > " . $marker_file;
    $app->system->exec_safe($letsencrypt . ' -n renew --post-hook ?', $cmd);
    so I think it is not a great idea to directly edit it.
    Thanks.
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Ignore this; I think this is the wrong solution for your case. That renewal hook script is only run for the certificate that is set up by the installer, not an individual site.
    Judging by the file timestamps in /etc/letsencrypt/renewal/, such a conf file is not overwritten on each renewal, so changing it should be safe. You can also create hook scripts under /etc/letsencrypt/renewal-hooks/, e.g. see https://eff-certbot.readthedocs.io/en/stable/using.html#renewal. I would probably try a deploy hook which checks $RENEWED_DOMAINS and restarts mail services if the specific domain(s) you are interested in were renewed.
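
A deploy hook of the kind suggested in the post above, as an added example that is not part of the original thread and not ISPConfig or certbot code. The install path, the domain `webmail.example.com` and the unit names `dovecot` and `postfix` are assumptions to adjust.

```shell
#!/bin/sh
# Added example: certbot deploy hook. Install path is an assumption, e.g.
# /etc/letsencrypt/renewal-hooks/deploy/restart-mail.sh (must be executable).
# certbot passes RENEWED_DOMAINS (space-separated names on the renewed cert).

# Assumptions: the site name whose certificate mail shares, and the unit names.
WATCHED_DOMAINS="${WATCHED_DOMAINS:-webmail.example.com}"
MAIL_SERVICES="${MAIL_SERVICES:-dovecot postfix}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"   # override for a dry run

# Names may be wildcards (*.example.com); never let the shell glob them.
set -f

# Succeeds when a watched name exactly equals a renewed name (no substring match).
watched_domain_renewed() {
    for renewed in $1; do
        for watched in $WATCHED_DOMAINS; do
            [ "$renewed" = "$watched" ] && return 0
        done
    done
    return 1
}

# Restart every mail service; keep going on failure but report it in the status.
restart_mail_services() {
    rc=0
    for svc in $MAIL_SERVICES; do
        if "$SYSTEMCTL" restart "$svc"; then
            echo "deploy hook: restarted $svc"
        else
            echo "deploy hook: FAILED to restart $svc" >&2
            rc=1
        fi
    done
    return $rc
}

run_hook() {
    if watched_domain_renewed "$1"; then
        restart_mail_services
    else
        echo "deploy hook: no watched domain in: $1"
    fi
}

# Only act when certbot invoked us; a manual run without the variable does nothing.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    run_hook "$RENEWED_DOMAINS"
fi
```

Running it by hand with `SYSTEMCTL=echo RENEWED_DOMAINS="webmail.example.com"` set in the environment prints the restart commands instead of executing them.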
     
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    In my mind it may be possible for you to change that specific domain LE renewal config file to allow the use of such a hook.
     
    Last edited: Dec 4, 2021
  9. gio.four

    gio.four New Member

    hi,
    I will try to follow your advice.
    Thanks
     
