roles/nginx: Add sanity check to systemd service for renewing Let's Encrypt certs

Just in case, we'd better make sure that certbot is installed and usable (+x) before we try running it.
2016-08-17 12:27:33 +03:00 · 2016-08-17 12:27:33 +03:00 · 60c498f5ae
commit 60c498f5ae
parent 2a78c5cf59
1 changed files with 1 additions and 0 deletions
--- a/roles/nginx/templates/renew-letsencrypt.service.j2
+++ b/roles/nginx/templates/renew-letsencrypt.service.j2
@ -3,4 +3,5 @@ Description=Renew Let's Encrypt certificates

 [Service]
 Type=oneshot
+ConditionFileIsExecutable={{ letsencrypt_certbot_dest }}
 ExecStart={{ letsencrypt_certbot_dest }} renew --standalone --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"