Thanks folks, all great answers! Not sure if there’s a best or correct answer.
I did not know about certbot *.conf despite combing through the docs many times and I did not know about the systemctl override dir or the fact that you could copy that system file to the other dir and it would replace it, I figured that would make it run twice, good to know!

The renewal/*.conf files seem to be created automatically, I certainly didn’t create those by hand, so modifying them looks like a bad idea. Maybe using a pre/post arg to the original certbot command will cause that to be added to these files on creation? I need to try that.

Michael Grant

From: Jim Popovitch
Sent: 28 November 2018 14:56
To: debian-user@lists.debian.org
Subject: Re: certbot options

On Wed, 2018-11-28 at 13:29 +0000, Michael Grant wrote:
> In /lib/systemd/system/certbot.service
>
> The line to start certbot is:
> ExecStart=/usr/bin/certbot -q renew
>
> If I modify this file by hand:
>
> ExecStart=/usr/bin/certbot -q --pre-hook /usr/local/bin/certbot-prehook.sh renew
>
> The next time certbot is updated by apt, this file gets overwritten
> and my change goes away.
>
> Could someone please tell me the proper place to modify certbot’s
> default arg list or is there some systemctl command I should be doing
> instead of modifying this file directly? Or.... is this a bug and
> apt-get should warn me before overwriting this file on update?

Is there a reason why you don't put "pre-hook /usr/local/bin/certbot-prehook.sh" in /etc/letsencrypt/renewal/*.conf ?

-Jim P.