Let's Encrypt hook questions

[Daniel_Dog]

Hello everyone,

I am currently in the process of making my install script for DirectAdmin compatible with Cloud-Init so that it can be used for automatic deployment.
One of the things my script does is move a bash file to the custom script folder and adding a crontab job that runs once a month.

This is not my ideal scenario since this could lead to mysql having the old certificate and taking days to weeks before it gets the current certificate.
That is why I would like to hook this script into the let's encrypt post hook.

My current script can be found at: https://github.com/realcryptonight/...94663bacfcd05dc7fc/files/mysql_update_cert.sh

So my questions are:
1. Does the post hook script have permission to restart a service via systemctl since this is needed for mysql to load the new certificate?
2. Does the post hook script have permission to read /usr/local/directadmin/conf/cacert.pem, /usr/local/directadmin/conf/carootcert.pem, /usr/local/directadmin/conf/cakey.pem?
3. Does the post hook script have permission to write/override files in the /var/lib/mysql/ folder? (Since that is where the certificates needs to be stored for mysql.)
4. Can I trigger the post hook script via DirectAdmin to test the script without needing to renew the let's encrypt certificates? (A.K.A do a dry run)

 

[zEitEr]

Hello,

Here you can see the hooks executed in relation to Let's Encrypt:

• /usr/local/directadmin/scripts/custom/letsencrypt_pre.sh - executed before requesting a SSL certificate from Let's Encrypt
• /usr/local/directadmin/scripts/custom/letsencrypt_post.sh - executed after requesting a SSL certificate from Let's Encrypt
• /usr/local/directadmin/scripts/custom/user_httpd_write_post.sh
• /usr/local/directadmin/scripts/custom/ssl_save_post.sh

Hooks are usually executed by a superuser "root". You might easily check it.

More information:

- https://www.directadmin.com/features.php?id=1841
- https://www.directadmin.com/features.php?id=2630