certhub-certbot-run@.service¶
Description¶
A service which runs certhub-certbot-run with a CSR read from the config directory. The resulting fullchain certificate is committed to the repository. A commit message is generated automatically.
A path unit which runs the service unit if the expiry status file managed by certhub-cert-expiry@.service exists or if the CSR file changed.
The instance name (systemd instance string specifier %i) is used as the
basename of the configuration and the resulting certificate file.
Environment¶
-
CERTHUB_REPO¶ URL of the repository where certificates are stored. Defaults to:
/var/lib/certhub/certs.git
-
CERTHUB_CERT_PATH¶ Path to the certificate file inside the repository. Defaults to:
{WORKDIR}/%i.fullchain.pem
-
CERTHUB_CSR_PATH¶ Path to the CSR file. Defaults to:
/etc/certhub/%i.csr.pem
-
CERTHUB_CERTBOT_ARGS¶ Additional Arguments for certbot certonly run. Defaults to:
--non-interactive
-
CERTHUB_CERTBOT_CONFIG¶ Path to a certbot configuration file. Defaults to:
/etc/certhub/%i.certbot.ini
Files¶
-
/etc/certhub/env¶ Optional environment file shared by all instances and certhub services.
-
/etc/certhub/%i.env¶ Optional per-instance environment file shared by all certhub services.
-
/etc/certhub/certhub-certbot-run.env¶ Optional per-service environment file shared by all certhub service instances.
-
/etc/certhub/%i.certhub-certbot-run.env¶ Optional per-instance and per-service environment file.
See Also¶
certhub-cert-expiry@.service, certhub-certbot-run(1), certhub-message-format(1)