Let's Encrypt Hooks

Does Hestia CP support hooks upon Let’s Encrypt certificate renewal?

Currently using dehydrated: hook.sh - deploy_cert function on other platforms.

Currently, there are no hooks built in - no. What would be your use case for such a hook?

@Raphael - thanks for the reply.

As replied in the previous thread (Duplicati) - it does use Mono for Linux, thus a bundled certificate in PKCS #12 format is required.

Currently I re-create the certificate manually using openssl every three months.

A cron job can be created for this, but a better approach is hooks, i.e. dehydrated.

What approach do you recommend to tackle the issue? Possibly altering “/usr/local/hestia/bin/v-generate-ssl-cert”?

v-generate-ssl-cert is called before the cert gets downloaded from LE.

Still, you can use the approach described here:

2 Likes

@Lupu - Thanks, working as expected.

Hi there everyone!
I like HestiaCP! Keep up the good work!
Thus, I want to contribute to the community with some insights regarding this topic, as I have spent quite a while figuring it out. :blush:

I know this is an older topic, but it is still relevant.

Please note that the change in Git does not work as expected. The v-add-web-domain-ssl script is not called in every situation, so the custom script hook will not be executed in most cases.

Let me explain why and how I suggest fixing this, as I have reverse-engineered it a bit:

The execution flow is as follows:

  1. First, v-update-letsencrypt-ssl is called by the cronjob.
  2. This script calls the v-add-letsencrypt-domain script if a certificate renewal is needed.
  3. From here, the v-add-web-domain-ssl script is called only if SSL is disabled (see line 551). So, it will be called only once when enabling SSL? Either I don’t understand this behavior, or this is indeed a bug. Otherwise, it makes no sense to me. Please let me know!

My suggested FIX:
I would suggest moving the execution of the script defined by the UPDATE_SSL_SCRIPT variable directly into the v-add-letsencrypt-domain script after the $ssl_enabled = "yes" check (after line 552).

Thank you & BR

1 Like
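
The manual `openssl` re-bundling into PKCS #12 mentioned earlier in the thread, written as a script that a cron job or a renewal hook could call. This is an added example, not code from any poster or from Hestia CP; the function names, the `P12_PASS` variable and the three path arguments are assumptions.

```shell
#!/bin/sh
# Added example: rebuild a PKCS #12 bundle only when the certificate changed.
# CERT, KEY and OUT are caller-supplied paths (assumptions, not Hestia CP defaults).
# The bundle password is read from the exported P12_PASS variable.

# SHA-256 fingerprint of the leaf certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate inside a PKCS #12 file.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# bundle_pkcs12 CERT KEY OUT
# Returns 0 if OUT was written, 1 if OUT is already current, 2 on error.
bundle_pkcs12() {
    cert=$1 key=$2 out=$3
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # Refuse to bundle a private key that does not match the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
    # Skip the rewrite when the existing bundle already holds this certificate.
    if [ -f "$out" ] && [ "$(p12_fingerprint "$out")" = "$(cert_fingerprint "$cert")" ]; then
        return 1
    fi
    # mktemp creates the file with mode 0600; mv then replaces OUT atomically.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    if ! openssl pkcs12 -export -in "$cert" -inkey "$key" \
            -out "$tmp" -passout env:P12_PASS 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$out"
}

# Run only when invoked as: script CERT KEY OUT
if [ "$#" -eq 3 ]; then
    bundle_pkcs12 "$@"
    case $? in
        0) echo "bundle updated: $3" ;;
        1) echo "bundle already current: $3" ;;
        *) echo "bundling failed: $3" >&2; exit 2 ;;
    esac
fi
```

Exit status 0 is the signal to restart whatever service reads the bundle; status 1 means nothing changed and no restart is needed.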