Hook 'deploy-hook' reported error code 1

Question

Hook 'deploy-hook' reported error code 1

romale opened this issue 3 years ago · 3 comments

Hi,
before today, i've used 0.5 version of the certbot-zimbra. But because "Unable to validate certificate chain DST Root CA X3", i installed certbot from snap and used --force-renewal --preferred-chain "ISRG Root X1" cli, but not success.
Certificates in /etc/lets.../live is updated while running cli below, but hook not worked for me, so zimbra ssl store keep old certs.
Any ideas?
Thanks.

certbot renew --pre-hook "/opt/scripts/certbot_zimbra.sh -p" --renew-hook "/opt/scripts/certbot_zimbra.sh -d mail.domain.ru" --force-renewal  --preferred-chain "ISRG Root X1"

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.domain.ru.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' ran with output:
 certbot-zimbra v0.7.12 - https://github.com/YetOpen/certbot-zimbra
 Checking for dependencies...
 Detected Zimbra 8.8.15 on RHEL7_64
 Using zmhostname to detect domain.
 Using domain mail.domain.ru (as certificate DN)
 Checking zimbra-proxy is running and enabled
 Detecting port from zimbraMailProxyPort
 Checking if process is listening on port 80 with name "nginx" user "zimbra"
 Nginx templates already patched.
 Nginx includes already patched, skipping zmproxy restart.
Renewing an existing certificate for mail.domain.ru
Hook 'deploy-hook' reported error code 1
Hook 'deploy-hook' ran with output:
 An error seems to have occurred. Please read the output above for clues and try to rectify the situation.
 If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra.
Hook 'deploy-hook' ran with error output:
 Unknown option: mail.domain.ru. Try --help for usage.                                                                                                                                                    

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded: 
  /etc/letsencrypt/live/mail.domain.ru/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Answer 1 · 2021-10-04T21:58:01.000Z

Options between 0.5 and 0.7 are incompatible. Read the readme. You need to change the pre and post deploy hook commands.

Answer 2 · 2021-10-06T08:28:12.000Z

Ok, thank you.

Answer 3 · 2021-10-07T13:19:29.000Z

Actually I see you have the right arguments for 0.7 (-p and -d) but are missing the -H for hostname:
--renew-hook "/opt/scripts/certbot_zimbra.sh -d -H mail.domain.ru"
Usually passing the hostname is not really necessary since the script uses zmhostname to find it, unless that's not the right one.