certhub-lego-run@.service
Description
A service which runs certhub-lego-run with a CSR read from the config directory. The resulting fullchain certificate is committed to the repository. A commit message is generated automatically.
A path unit which runs the service unit if the expiry status file managed by certhub-cert-expiry@.service exists or if the CSR file changed.
The instance name (systemd instance string specifier %i) is used as the basename of the configuration and the resulting certificate file.
Environment
CERTHUB_REPO
    URL of the repository where certificates are stored. Defaults to: /var/lib/certhub/certs.git
CERTHUB_CERT_PATH
    Path to the certificate file inside the repository. Defaults to: {WORKDIR}/%i.fullchain.pem
CERTHUB_CSR_PATH
    Path to the CSR file. Defaults to: /etc/certhub/%i.csr.pem
CERTHUB_LEGO_ARGS
    Additional arguments for lego --csr run. Empty by default.
CERTHUB_LEGO_CHALLENGE_ARGS
    Use this environment variable to select a challenge method. Empty by default. Lego will fall back to the HTTP-01 challenge if this variable is not set.
CERTHUB_LEGO_DIR
    The path to the directory where lego stores account data and issued certificates. Defaults to: var/lib/certhub/private/lego
Files
/etc/certhub/env
    Optional environment file shared by all instances and certhub services.
/etc/certhub/%i.env
    Optional per-instance environment file shared by all certhub services.
/etc/certhub/certhub-lego-run.env
    Optional per-service environment file shared by all certhub service instances.
/etc/certhub/%i.certhub-lego-run.env
    Optional per-instance and per-service environment file.
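The layering of the four environment files above, as an added example that is not part of certhub: it resolves the value a variable ends up with for one instance and lists environment files that are world-readable. It assumes the unit reads the files in the order listed and that a later file overrides an earlier one (systemd's behaviour for repeated EnvironmentFile= lines); the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of certhub. Assumptions: the unit loads the four
# environment files in the order documented above, and a later file overrides
# an earlier one (systemd semantics for repeated EnvironmentFile= lines).
# Only plain KEY=VALUE lines are parsed (no quoting, no continuations).
# Function names are hypothetical.

# Print the value of VAR for INSTANCE after layering the files found in
# CONFDIR, or DEFAULT when no file sets it.
certhub_effective() {  # CONFDIR INSTANCE VAR [DEFAULT]
    dir=$1 inst=$2 var=$3 value=${4-}
    for f in "$dir/env" "$dir/$inst.env" \
             "$dir/certhub-lego-run.env" "$dir/$inst.certhub-lego-run.env"; do
        [ -r "$f" ] || continue
        # Within one file the last assignment wins.
        line=$(grep -E "^$var=" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        value=${line#*=}
    done
    printf '%s\n' "$value"
}

# Print each existing environment file that users other than the owner and
# group can read. Assumption: these files may hold secrets (for example
# credentials a DNS challenge provider reads from the environment).
certhub_world_readable() {  # CONFDIR INSTANCE
    dir=$1 inst=$2
    for f in "$dir/env" "$dir/$inst.env" \
             "$dir/certhub-lego-run.env" "$dir/$inst.certhub-lego-run.env"; do
        [ -e "$f" ] || continue
        find "$f" -prune -perm -004 -print
    done
}

# Usage when run directly: script INSTANCE VAR [CONFDIR]
if [ "$#" -ge 2 ]; then
    certhub_effective "${3:-/etc/certhub}" "$1" "$2"
    certhub_world_readable "${3:-/etc/certhub}" "$1"
fi
```

The script does not know the defaults built into the unit, so an empty result means no environment file sets the variable and the documented default applies.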
See Also
certhub-cert-expiry@.service, certhub-lego-run(1), certhub-message-format(1)