certhub-certbot-run@.service¶
Synopsis¶
certhub-certbot-run@.service
certhub-certbot-run@.path
Description¶
A service which runs certhub-certbot-run with a CSR read from the config directory. The resulting fullchain certificate is committed to the repository. A commit message is generated automatically.
A path unit which runs the service unit if the expiry status file managed by certhub-cert-expiry@.service exists or if the CSR file changed.
The instance name (systemd instance string specifier %i
) is used as the
basename of the configuration and the resulting certificate file.
Environment¶
- CERTHUB_REPO¶
URL of the repository where certificates are stored. Defaults to:
/var/lib/certhub/certs.git
- CERTHUB_CERT_PATH¶
Path to the certificate file inside the repository. Defaults to:
{WORKDIR}/%i.fullchain.pem
- CERTHUB_CSR_PATH¶
Path to the CSR file. Defaults to:
/etc/certhub/%i.csr.pem
- CERTHUB_CERTBOT_ARGS¶
Additional Arguments for certbot certonly run. Defaults to:
--non-interactive
- CERTHUB_CERTBOT_CONFIG¶
Path to a certbot configuration file. Defaults to:
/etc/certhub/%i.certbot.ini
Files¶
- /etc/certhub/env¶
Optional environment file shared by all instances and certhub services.
- /etc/certhub/%i.env¶
Optional per-instance environment file shared by all certhub services.
- /etc/certhub/certhub-certbot-run.env¶
Optional per-service environment file shared by all certhub service instances.
- /etc/certhub/%i.certhub-certbot-run.env¶
Optional per-instance and per-service environment file.
See Also¶
certhub-cert-expiry@.service, certhub-certbot-run(1), certhub-message-format(1)