Version0.27とか0.28のときのcertbot
/lib/systemd/system/certbot.service
[Unit] Description=Certbot Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html Documentation=https://letsencrypt.readthedocs.io/en/latest/ [Service] Type=oneshot ExecStart=/usr/bin/certbot -q renew PrivateTmp=true # ださいけど更新時にnginxの一時停止をする ExecStartPre=/bin/systemctl stop nginx ExecStartPost=/bin/systemctl start nginx
/etc/letsencrypt/renewal/hoge.example.com.conf
# renew_before_expiry = 30 days version = 0.27.0 archive_dir = /etc/letsencrypt/archive/hoge.example.com cert = /etc/letsencrypt/live/hoge.example.com/cert.pem privkey = /etc/letsencrypt/live/hoge.example.com/privkey.pem chain = /etc/letsencrypt/live/hoge.example.com/chain.pem fullchain = /etc/letsencrypt/live/hoge.example.com/fullchain.pem # Options used in the renewal process [renewalparams] account = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx authenticator = standalone server = https://acme-v02.api.letsencrypt.org/directory
この書き方だと、certbotがエラーおこしたときにnginxが止まったままになるのでよろしくない