| author | Christian Breunig <christian@breunig.cc> | 2025-06-23 22:43:21 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-06-23 22:45:32 +0200 |
| commit | 74941af39dc59c42d8ec6749169ee1c1663b78b7 (patch) | |
| tree | eb31931269a8d81b3bae71890e58814c6f8cd449 /op-mode-definitions | |
| parent | a4e2f96b133a9f753b6b9fd4686f3ff2a8694dfe (diff) | |

pki: T7574: add optional force argument to renew certbot-issued certificates

Certbot renewal command in op-mode "renew certbot" only works if any of the
certificates is up for renewal. There is no CLI option to forcefully renew a
certificate. This is about adding a force option to the CLI and with this
addition move the entire certbot renew handling to new-style op-mode commands.

```
vyos@vyos:~$ renew certbot force
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /config/auth/letsencrypt/renewal/vyos.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for vyos.io
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/config/auth/letsencrypt/live/vyos/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
```

Diffstat (limited to 'op-mode-definitions')
| -rw-r--r-- | op-mode-definitions/pki.xml.in | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in index 43fb1fe2b..542b15e9d 100644 --- a/op-mode-definitions/pki.xml.in +++ b/op-mode-definitions/pki.xml.in @@ -576,12 +576,20 @@ </node> <node name="renew"> <children> - <leafNode name="certbot"> + <node name="certbot"> <properties> - <help>Start manual certbot renewal</help> + <help>Manual certbot renewal</help> </properties> - <command>systemctl start certbot.service</command> - </leafNode> + <command>${vyos_op_scripts_dir}/pki.py renew_certbot</command> + <children> + <leafNode name="force"> + <properties> + <help>Force manual certbot renewal</help> + </properties> + <command>${vyos_op_scripts_dir}/pki.py renew_certbot --force</command> + </leafNode> + </children> + </node> </children> </node> </interfaceDefinition> |
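
Review bot: the help string on the new `force` leafNode ("Force manual certbot renewal") does not tell the operator what is being forced. It should say that the certificate is renewed even when it is not yet due, for example "Force renewal even if certificates are not due for renewal", since each forced run requests a new certificate from the CA and counts against its issuance rate limits. Separately, the `certbot` node no longer runs `systemctl start certbot.service` but calls `${vyos_op_scripts_dir}/pki.py renew_certbot` directly, and `renew_certbot` is not part of this view (the diffstat is limited to op-mode-definitions). Please confirm that the script runs with the privileges needed to write under /config/auth/letsencrypt and /etc/ssl/certs, and that it invokes certbot with the same options and hooks as the service unit did, so that the non-forced path keeps its previous behaviour.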
