On Wed, Nov 30, 2016 at 10:34:11PM +0100, Christian Seiler wrote: > Ah, and I ran my strace earlier with -e open,access, but after > rechecking it, it does in fact check for the file's existence > via stat(). I should remember to use -e open,access,stat when > checking for file access with strace. [1] > > And I just checked, putting post-hook = ... in there actually > seems to work (renew -vvv says it won't run the post hook > because nothing is to be renewed, but it won't print that > message if I comment the line out). I do think you could also > improve the documentation for the 'renew' command to mention > that these hooks can be put in the central configuration file, > and to recommend to people to do that instead of supplying > them on the command line - that way people won't have the idea > of modifying the cron job / systemd service for this kind of > thing.
Defining hooks in cli.ini doesn't actually work in 0.9.3, but it sort of works in git master, and will be properly solved for 0.10.0: https://github.com/certbot/certbot/issues/3394 https://github.com/certbot/certbot/issues/3394#issuecomment-258579483 > > I've now created /etc/letsencrypt/cli.ini and removed my > drop-in that modifies the systemd service. Thanks, this thread > has already helped me make my setup saner. :) > > Regards, > Christian > > [1] Probably should add openat,fstatat,faccessat to the list > as well. > > -- Peter Eckersley p...@eff.org Chief Computer Scientist Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993
