From 60c498f5ae43e8e8362bea9a3816714ee5d777b7 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Wed, 17 Aug 2016 12:27:33 +0300 Subject: [PATCH] roles/nginx: Add sanity check to systemd service for renewing Let's Encrypt certs Just in case, we'd better make sure that certbot is installed and usable (+x) before we try running it. --- roles/nginx/templates/renew-letsencrypt.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/templates/renew-letsencrypt.service.j2 b/roles/nginx/templates/renew-letsencrypt.service.j2 index ee4a7d4..db96058 100644 --- a/roles/nginx/templates/renew-letsencrypt.service.j2 +++ b/roles/nginx/templates/renew-letsencrypt.service.j2 @@ -3,4 +3,5 @@ Description=Renew Let's Encrypt certificates [Service] Type=oneshot +ConditionFileIsExecutable={{ letsencrypt_certbot_dest }} ExecStart={{ letsencrypt_certbot_dest }} renew --standalone --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"