certbot: commit hook must be executed at the end

log2mail-beats
Jérémy Lecour 11 months ago
committed by Jérémy Lecour
parent
commit 65bc2c657d
3 changed files with 16 additions and 1 deletions
  1. CHANGELOG.md (+1 -0)
  2. certbot/files/hooks/z-commit-etc.sh (+1 -1)
  3. certbot/tasks/main.yml (+14 -0)

CHANGELOG.md (+1 -0)

@ -46,6 +46,7 @@ The **patch** part changes incrementally at each release.
* removed some deprecations for Ansible 2.7
* apache: improve permissions in save_apache_status script
* apt: hold packages only if package is installed
* certbot: commit hook must be executed at the end
* elasticsearch: listen on local interface only by default
* evocheck: upstream version 19.11.2
* evocheck: cron jobs execute in verbose
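
Review bot: the new entry "certbot: commit hook must be executed at the end" documents the rename only. The same commit also drops the pathspec from the hook's `git add --all` and adds `letsencrypt/.certbot.lock` to /etc/.gitignore; both change what ends up in the repository and deserve their own changelog lines.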


certbot/files/hooks/commit-etc.sh → certbot/files/hooks/z-commit-etc.sh

@ -18,7 +18,7 @@ main() {
if [ "${changed_lines}" != "0" ]; then
debug "Committing for ${RENEWED_DOMAINS}"
${git_bin} add --all ${letsencrypt_dir}
${git_bin} add --all
message="[letsencrypt] certificates renewal (${RENEWED_DOMAINS})"
${git_bin} commit --message "${message}" --quiet
else
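
Review bot: with the pathspec gone from `${git_bin} add --all`, the hook stages every pending change in the repository (Git 2.0 and later), while the commit is still labelled "[letsencrypt] certificates renewal (${RENEWED_DOMAINS})". Any unrelated uncommitted edit present when a renewal fires is then recorded under a certificate-renewal message, which weakens the history as an audit trail. If the wider scope is intended, say so in the commit message and make the hook's message reflect it; otherwise keep `${letsencrypt_dir}` as the pathspec, and quote it.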

certbot/tasks/main.yml (+14 -0)

@ -21,3 +21,17 @@
mode: "0700"
owner: root
group: root
- name: Move commit-etc.sh to z-commit-etc.sh if present
command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
args:
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
- name: "certbot lock is ignored by Git"
lineinfile:
dest: /etc/.gitignore
line: letsencrypt/.certbot.lock
create: yes
owner: root
mode: "0600"
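
Review bot: the `mv` task carries both `removes:` and `creates:`, so when z-commit-etc.sh already exists in renewal-hooks/deploy/ the task is skipped and an old commit-etc.sh stays in place, where it would still run alongside the renamed hook. Follow the move with a `file` task that sets `state: absent` on the old path so only one copy can remain. Separately, `owner: root` and `mode: "0600"` on the `lineinfile` task apply to an existing /etc/.gitignore as well as a newly created one; confirm that change of permissions is intended.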
