From 74941af39dc59c42d8ec6749169ee1c1663b78b7 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 23 Jun 2025 22:43:21 +0200
Subject: pki: T7574: add optional force argument to renew certbot-issued
 certificates

Certbot renewal command in op-mode "renew certbot" only works if any of the
certificates is up for renewal. There is no CLI option to forcefully renew a
certificate. This is about adding a force option to the CLI and with this
addition move the entire certbot renew handling to new-style op-mode commands.

vyos@vyos:~$ renew certbot force
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /config/auth/letsencrypt/renewal/vyos.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for vyos.io

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /config/auth/letsencrypt/live/vyos/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
 Updating certificates in /etc/ssl/certs...
 0 added, 0 removed; done.
 Running hooks in /etc/ca-certificates/update.d...
 done.
---
 python/vyos/defaults.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'python')

diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index f84b14040..63f3b5358 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -15,10 +15,10 @@
 
 import os
 
-base_dir = '/usr/libexec/vyos/'
+base_dir = '/usr/libexec/vyos'
 
 directories = {
-  'base' : base_dir,
+  'base' : f'{base_dir}',
   'data' : '/usr/share/vyos/',
   'conf_mode' : f'{base_dir}/conf_mode',
   'op_mode' : f'{base_dir}/op_mode',
-- 
cgit v1.2.3