certhub-certbot-run@.service

Synopsis

certhub-certbot-run@.service

certhub-certbot-run@.path

Description

A service which runs certhub-certbot-run with a CSR read from the config directory. The resulting fullchain certificate is committed to the repository. A commit message is generated automatically.

A path unit which runs the service unit if the expiry status file managed by certhub-cert-expiry@.service exists or if the CSR file changed.

The instance name (systemd instance string specifier %i) is used as the basename of the configuration and the resulting certificate file.

Environment

CERTHUB_REPO

URL of the repository where certificates are stored. Defaults to: /var/lib/certhub/certs.git

CERTHUB_CERT_PATH

Path to the certificate file inside the repository. Defaults to: {WORKDIR}/%i.fullchain.pem

CERTHUB_CSR_PATH

Path to the CSR file. Defaults to: /etc/certhub/%i.csr.pem

CERTHUB_CERTBOT_ARGS

Additional arguments for the certbot certonly run. Defaults to: --non-interactive

CERTHUB_CERTBOT_CONFIG

Path to a certbot configuration file. Defaults to: /etc/certhub/%i.certbot.ini

Files

/etc/certhub/env

Optional environment file shared by all instances and certhub services.

/etc/certhub/%i.env

Optional per-instance environment file shared by all certhub services.

/etc/certhub/certhub-certbot-run.env

Optional per-service environment file shared by all certhub service instances.

/etc/certhub/%i.certhub-certbot-run.env

Optional per-instance and per-service environment file.
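
Added example (not part of certhub): a preflight check over the files listed under Environment and Files for one instance, run before enabling its path unit. It assumes CERTHUB_CSR_PATH and CERTHUB_CERTBOT_CONFIG are left at their documented defaults. The function names, the optional directory argument, and the rule that none of these files may be group- or world-writable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not certhub code. The second argument (config directory)
# is a hypothetical override so the check can be tried outside /etc/certhub.

# Print the files this page names for one instance, one path per line.
certhub_instance_files() {
    inst=$1 etc=${2:-/etc/certhub}
    printf '%s\n' \
        "$etc/$inst.csr.pem" \
        "$etc/$inst.certbot.ini" \
        "$etc/env" \
        "$etc/$inst.env" \
        "$etc/certhub-certbot-run.env" \
        "$etc/$inst.certhub-certbot-run.env"
}

# Return 0 if the instance passes, 1 otherwise; findings go to stderr.
certhub_preflight() {
    inst=$1 etc=${2:-/etc/certhub} rc=0
    case $inst in
        ''|*/*) echo "invalid instance name: '$inst'" >&2; return 1 ;;
    esac
    csr="$etc/$inst.csr.pem"
    # The service reads its CSR from here, so it must exist and look like one.
    if [ ! -r "$csr" ]; then
        echo "missing CSR: $csr" >&2; rc=1
    elif ! grep -q 'BEGIN .*CERTIFICATE REQUEST' "$csr"; then
        echo "not a PEM CSR: $csr" >&2; rc=1
    fi
    # Each of these files steers what certbot is asked to do. Only files
    # that exist are checked; any group/world write bit is a finding.
    bad=$(certhub_instance_files "$inst" "$etc" | while IFS= read -r f; do
        if [ -e "$f" ]; then
            find "$f" -prune \( -perm -020 -o -perm -002 \) -print
        fi
    done)
    if [ -n "$bad" ]; then
        echo "group/world-writable:" >&2
        echo "$bad" >&2
        rc=1
    fi
    return $rc
}
```

Call it as `certhub_preflight example.org` for an instance named example.org (a placeholder name).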

See Also

certhub-cert-expiry@.service, certhub-certbot-run(1), certhub-message-format(1)