Ncp: Letsencrypt seems to always renew into -0001-files

Hey Forumists, esp. @OliverV and @nachoparker

Followup of NextCloudPi certbot doesn't work:

as the title says… nc-Letsenrypt-routine works… but even if I would move the sub.domain.tld into sub.domain.tld-old (as @OliverV) suggested in his linked posting the renewal ran by nc-config (from commandline) would end up making a whole new file called sub.domain.tld-0001 - which, of course, wouldn’t be recognized by apache at all. unless you’d tweak given apache-files to recognize them).

so right now everything is working again. but somehow this seems to be a misbehaviour of the renewal-procedure. I don’t know how to solve it.

I’m running NC 18.0.5 on a nc-VM hosted on my network at office/home.
image-file: NextCloudPi_12-21-19
ncp v 1.28.0

(if you’d need more info, jst let me know and I’m gonna provide that asap)

looking foward to any helpful comment :wink:

If your domains change (if you remove one), it’s expected for certbot to behave that way.

The issue arises because ncp does not handle the domain-0001 directories.

A solution can be to actually use the certbot deploy hook (1) feature with its variables, and let a dedicated script perform sed -i on apache’s config, of specify a --cert-name $DOMAIN_LOWERCASE on this line so that the old name gets reused.


  --deploy-hook DEPLOY_HOOK
                        Command to be run in a shell once for each
                        successfully issued certificate. For this command, the
                        shell variable $RENEWED_LINEAGE will point to the
                        config live subdirectory (for example,
                        "/etc/letsencrypt/live/") containing the
                        new certificates and keys; the shell variable
                        $RENEWED_DOMAINS will contain a space-delimited list
                        of renewed certificate domains (for example,
                        "" (default: None)