Symlinks not being updated, even though new certificates are created #458

Closed
opened 2025-12-29 01:25:36 +01:00 by adam · 2 comments

Originally created by @frederickjh on GitHub (Feb 13, 2020).

dehydrated creates symlinks to the current PEM-encoded certificate files. These are named

  • `cert.pem` (and `cert.csr`) for the certificate (resp. the CSR)
  • `chain.pem` for the intermediary certificate, which the server needs to send too
  • `fullchain.pem` for the concatenation of the above two
  • `privkey.pem` for the file containing the private key

These links were created when I first created certificates. Now new certificates are successfully created, but the symlinks are not updated to point to the new files.

The relevant code is https://github.com/dehydrated-io/dehydrated/blob/307eaadddfd49aeafda6984f11e6731329372cd5/dehydrated#L1073-L1079

When I turn on shell debugging with:

```shell
set -x
PS4=':${LINENO} + '
```

and then run dehydrated, it does not run these lines of code. I am running dehydrated with the following options: `dehydrated --force --cron --domain "subdomain.example.com *.subdomain.example.com"`.
In the config file: CHALLENGETYPE="dns-01"

Any ideas as to why the symlinks are not being updated?

I see in this closed issue #368 that the `deploy_cert` hook can be used for this but I thought dehydrated should do this out of the box.

Thanks in advance for any help you can give!
Frederick

adam closed this issue 2025-12-29 01:25:36 +01:00

@lukas2511 commented on GitHub (Feb 17, 2020):

Mh, it should definitively update those symlinks... does it maybe exit before updating the symlinks? If your hook-script doesn't allow for unknown hooks it might cause dehydrated to exit when trying to run the `sync_cert` hook. I'm going to change the behaviour of this in the next few days so that in cases like that dehydrated will exit with an appropriate error message instead of silently failing...


@frederickjh commented on GitHub (Feb 17, 2020):

I did a bit more digging, only to find that the issue is not with dehydrated. It is with the hook scripts I am using for DNSexit. When the hook fails it does so silently. I figured this out when I noticed not all of the files were being created and the pem file was 0 bytes. Sorry for filing this non-issue.
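
A post-run check for the state this thread ends on (symlinks still on the old files, a new PEM of 0 bytes), as an added example that is not part of the original thread or of dehydrated. The `<kind>-<timestamp>.pem` file naming, the function names and the fixture contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example. Assumption: files are named <kind>-<unix timestamp>.pem and
# the plain <kind>.pem names are symlinks to the current ones.
# check_cert_links DIR: print one line per problem, return the problem count.
check_cert_links() {
    dir=$1
    problems=0
    for kind in cert chain fullchain privkey; do
        link="$dir/$kind.pem"
        # Newest timestamped file of this kind (numeric sort on the timestamp).
        newest=$(ls "$dir" | grep -E "^$kind-[0-9]+\.pem\$" |
                 sort -t- -k2 -n | tail -n 1)
        if [ ! -L "$link" ]; then
            echo "MISSING $kind.pem is not a symlink"
            problems=$((problems + 1))
            continue
        fi
        target=$(readlink "$link")
        case $target in /*) path=$target ;; *) path="$dir/$target" ;; esac
        if [ ! -s "$path" ]; then
            echo "EMPTY $kind.pem -> $target is missing or 0 bytes"
            problems=$((problems + 1))
        fi
        if [ -n "$newest" ] && [ "${target##*/}" != "$newest" ]; then
            echo "STALE $kind.pem -> $target, newest file is $newest"
            problems=$((problems + 1))
            # A 0-byte newest file points at a run that stopped part way.
            [ -s "$dir/$newest" ] || echo "PARTIAL $newest is 0 bytes"
        fi
    done
    return "$problems"
}

# Constructed fixture: an old complete set with symlinks, plus a newer run
# that left a new key and a 0-byte certificate but never moved the links.
make_fixture() {
    d=$(mktemp -d)
    for kind in cert chain fullchain privkey; do
        echo "constructed placeholder" > "$d/$kind-1581500000.pem"
        ln -s "$kind-1581500000.pem" "$d/$kind.pem"
    done
    echo "constructed placeholder" > "$d/privkey-1581590000.pem"
    : > "$d/cert-1581590000.pem"
    echo "$d"
}

fixture=$(make_fixture)
check_cert_links "$fixture" || echo "problems found: $?"
rm -rf "$fixture"
```

Run from cron after dehydrated, a non-zero return gives the alert that a silently failing hook does not.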


Reference: starred/dehydrated#458