starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-13 15:13:33 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

gift: script ro reload Apache2 by systemd timer script (no issue!) #393

New Issue
Closed
opened 2025-12-29 01:24:21 +01:00 by adam · 1 comment
adam commented 2025-12-29 01:24:21 +01:00
Owner
Copy Link

Originally created by @tobwen on GitHub (Dec 22, 2018).

This isn't an issue, just a small gift for everyone, who uses systemd (tested on Debian Stretch):

Warning: I've setup dehydrated with user dehydrated, I don't want this to run as root:
adduser --system --no-create-home --group dehydrated

Then I've added all the details to a global config:

cat << EOF > /etc/dehydrated/conf.d/global.sh
CONTACT_EMAIL=...
DEHYDRATED_USER=dehydrated
DEHYDRATED_GROUP=dehydrated
HOOK="/etc/dehydrated/hook.sh"
EOF

Setup a hook to reload apache2:

cd /usr/bin/dehydrated
curl -LO https://github.com/lukas2511/dehydrated/raw/master/docs/examples/hook.sh
sed -i 's/\(# systemctl reload nginx\)/\1\n    systemctl reload apache2/g' hook.sh

And finally setup systemd timers:

cat << EOF > /etc/systemd/system/dehydrated.service
[Unit]
Description=Renew Let's Encrypt certificates
Documentation=https://github.com/lukas2511/dehydrated

[Service]
Type=oneshot
User=dehydrated
Group=dehydrated
WorkingDirectory=/var/lib/dehydrated
ExecStart=/usr/bin/dehydrated -c

[Install]
Also=dehydrated.timer
EOF

cat << EOF > /etc/systemd/system/dehydrated.timer
[Unit]
Description=Daily try to renew Let's Encrypt certificates

[Timer]
OnCalendar=daily
Persistent=true
Accuracy=1h
RandomizedDelaySec=12h

[Install]
WantedBy=timers.target
EOF

# initialize changes
systemctl daemon-reload

# test it
systemctl start dehydrated
systemctl status dehydrated

# integrate it
systemctl enable dehydrated.timer
systemctl start dehydrated.timer
systemctl status dehydrated.timer

You could add stuff like OnFailure to get informed via mail, Slack etc. Thanks a lot to #systemd on freenode.

Edit
Oops, seems like the hook gets run a user dehydrated. PolicyKit disallows to restart apache2.service of course. So it's up to user either to fix it in PolicyKit, sudo or to simply run the service as root.

Originally created by @tobwen on GitHub (Dec 22, 2018). This isn't an issue, just a small gift for everyone, who uses _systemd_ (tested on Debian Stretch): Warning: I've setup _dehydrated_ with user _dehydrated_, I don't want this to run as root: `adduser --system --no-create-home --group dehydrated` Then I've added all the details to a global config: ``` cat << EOF > /etc/dehydrated/conf.d/global.sh CONTACT_EMAIL=... DEHYDRATED_USER=dehydrated DEHYDRATED_GROUP=dehydrated HOOK="/etc/dehydrated/hook.sh" EOF ``` Setup a hook to reload _apache2_: ``` cd /usr/bin/dehydrated curl -LO https://github.com/lukas2511/dehydrated/raw/master/docs/examples/hook.sh sed -i 's/\(# systemctl reload nginx\)/\1\n systemctl reload apache2/g' hook.sh ``` And finally setup _systemd timers_: ``` cat << EOF > /etc/systemd/system/dehydrated.service [Unit] Description=Renew Let's Encrypt certificates Documentation=https://github.com/lukas2511/dehydrated [Service] Type=oneshot User=dehydrated Group=dehydrated WorkingDirectory=/var/lib/dehydrated ExecStart=/usr/bin/dehydrated -c [Install] Also=dehydrated.timer EOF cat << EOF > /etc/systemd/system/dehydrated.timer [Unit] Description=Daily try to renew Let's Encrypt certificates [Timer] OnCalendar=daily Persistent=true Accuracy=1h RandomizedDelaySec=12h [Install] WantedBy=timers.target EOF # initialize changes systemctl daemon-reload # test it systemctl start dehydrated systemctl status dehydrated # integrate it systemctl enable dehydrated.timer systemctl start dehydrated.timer systemctl status dehydrated.timer ``` You could add stuff like _OnFailure_ to get informed via mail, _Slack_ etc. Thanks a lot to #systemd on _freenode_. **Edit** Oops, seems like the hook gets run a user _dehydrated_. _PolicyKit_ disallows to restart _apache2.service_ of course. So it's up to user either to fix it in _PolicyKit_, _sudo_ or to simply run the service as root.
adam closed this issue 2025-12-29 01:24:21 +01:00
adam commented 2025-12-29 01:24:22 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Jan 10, 2019):

Closing: Not a bug

You can add stuff like this to the wiki. It's open for user contribution. Thanks.

@lukas2511 commented on GitHub (Jan 10, 2019): Closing: Not a bug You can add stuff like this to the wiki. It's open for user contribution. Thanks.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#393
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?