mirror of
https://github.com/certbot/certbot.git
synced 2026-06-09 00:32:12 -04:00
Merge remote-tracking branch 'origin/master' into deprecation-warning
This commit is contained in:
Peter Eckersley
commit
fa61addb15
2 changed files with 25 additions and 9 deletions
|
|
@ -215,12 +215,25 @@ expire in less than 30 days. The same plugin and options that were used
|
|||
at the time the certificate was originally issued will be used for the
|
||||
renewal attempt, unless you specify other plugins or options.
|
||||
|
||||
You can also specify hooks to be run before or after a certificate is
|
||||
renewed. For example, if you want to use the standalone_ plugin to renew
|
||||
your certificates, you may want to use a command like
|
||||
|
||||
``letsencrypt renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"``
|
||||
|
||||
This will stop Nginx so standalone can bind to the necessary ports and
|
||||
then restart Nginx after the plugin is finished. The hooks will only be
|
||||
run if a certificate is due for renewal, so you can run this command
|
||||
frequently without unnecessarily stopping your webserver. More
|
||||
information about renewal hooks can be found by running
|
||||
``letsencrypt --help renew``.
|
||||
|
||||
If you're sure that this command executes successfully without human
|
||||
intervention, you can add the command to ``crontab`` (since certificates
|
||||
are only renewed when they're determined to be near expiry, the command
|
||||
can run on a regular basis, like every week or every day); note that
|
||||
the current version provides detailed output describing either renewal
|
||||
success or failure.
|
||||
can run on a regular basis, like every week or every day). In that case,
|
||||
you are likely to want to use the ``-q`` or ``--quiet`` quiet flag to
|
||||
silence all output except errors.
|
||||
|
||||
The ``--force-renew`` flag may be helpful for automating renewal;
|
||||
it causes the expiration time of the certificate(s) to be ignored when
|
||||
|
|
@ -241,9 +254,11 @@ renewals of that certificate.
|
|||
An alternative form that provides for more fine-grained control over the
|
||||
renewal process (while renewing specified certificates one at a time),
|
||||
is ``letsencrypt certonly`` with the complete set of subject domains of
|
||||
a specific certificate specified via `-d` flags, like
|
||||
a specific certificate specified via `-d` flags. You may also want to
|
||||
include the ``-n`` or ``--noninteractive`` flag to prevent blocking on
|
||||
user input (which is useful when running the command from cron).
|
||||
|
||||
``letsencrypt certonly -d example.com -d www.example.com``
|
||||
``letsencrypt certonly -n -d example.com -d www.example.com``
|
||||
|
||||
(All of the domains covered by the certificate must be specified in
|
||||
this case in order to renew and replace the old certificate rather
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ export GPG_TTY=$(tty)
|
|||
PORT=${PORT:-1234}
|
||||
|
||||
# subpackages to be released
|
||||
SUBPKGS=${SUBPKGS:-"acme certbot-apache certbot-nginx letshelp-certbot"}
|
||||
SUBPKGS=${SUBPKGS:-"acme certbot-apache certbot-nginx letshelp-certbot letsencrypt letsencrypt-apache letsencrypt-nginx letshelp-letsencrypt"}
|
||||
subpkgs_modules="$(echo $SUBPKGS | sed s/-/_/g)"
|
||||
# certbot_compatibility_test is not packaged because:
|
||||
# - it is not meant to be used by anyone else than Certbot devs
|
||||
|
|
@ -162,12 +162,12 @@ done
|
|||
deactivate
|
||||
|
||||
# pin pip hashes of the things we just built
|
||||
for pkg in acme certbot certbot-apache ; do
|
||||
for pkg in acme certbot certbot-apache letsencrypt letsencrypt-apache ; do
|
||||
echo $pkg==$version \\
|
||||
pip hash dist."$version/$pkg"/*.{whl,gz} | grep "^--hash" | python2 -c 'from sys import stdin; input = stdin.read(); print " ", input.replace("\n--hash", " \\\n --hash"),'
|
||||
done > /tmp/hashes.$$
|
||||
|
||||
if ! wc -l /tmp/hashes.$$ | grep -qE "^\s*9 " ; then
|
||||
if ! wc -l /tmp/hashes.$$ | grep -qE "^\s*15 " ; then
|
||||
echo Unexpected pip hash output
|
||||
exit 1
|
||||
fi
|
||||
|
|
@ -188,9 +188,10 @@ while ! openssl dgst -sha256 -verify $RELEASE_OPENSSL_PUBKEY -signature \
|
|||
done
|
||||
|
||||
# copy leauto to the root, overwriting the previous release version
|
||||
cp -p letsencrypt-auto-source/letsencrypt-auto certbot-auto
|
||||
cp -p letsencrypt-auto-source/letsencrypt-auto letsencrypt-auto
|
||||
|
||||
git add letsencrypt-auto letsencrypt-auto-source
|
||||
git add certbot-auto letsencrypt-auto letsencrypt-auto-source
|
||||
git diff --cached
|
||||
git commit --gpg-sign="$RELEASE_GPG_KEY" -m "Release $version"
|
||||
git tag --local-user "$RELEASE_GPG_KEY" --sign --message "Release $version" "$tag"
|
||||
|
|
|
|||
Loading…
Reference in a new issue