Certbot: Document certbot's exit status codes

Created on 20 Jan 2017 · 2Comments · Source: certbot/certbot

Recommendation: certbot's command line exit status codes should be added to the user documentation.

Use case: I have a shell script that does something when certbot updates the certificates that are about to expire. The easiest way I could think to do that would be to run the cerbot renew command, and check its exit status.

I observe that the exit code is 1 when the certbot did not need to update the certs. I assume the status would be 0 when it does update the certs. Users could possibly also add contingencies to their scripts and tools in case something went wrong and there were other status codes.

Source

terrycloth

Most helpful comment

For somebody looking to automate certbot with ansible or the likes (that is why I initially ended up here), I used --post-hook "touch change_occured" when calling certbot to then check afterwards if the change_occured file exists, do things accordingly and then delete change_occured. If nothing was updated, change_occured is not created, so that way you always know if something changed (and if there was an error ansible aborts anyway).

iquito on 27 Feb 2017

👍6

All 2 comments

Other than exiting with 0 for success and non-zero for failure, Certbot actually doesn't use different exit codes to convey information to the user. Instead, Certbot allows you to pass in commands to be executed when renewal occurs. You can learn more about this with the output of certbot --help renew and can read more about why we made this decision here. In your case, you probably want to use --renew-hook.

Also, certbot renew should not exit with 1 when it does not need to update the certificates. If this is the code you're seeing, it suggests there is a problem. If you're getting this exit code without an error message written to stderr, please open a new ticket with the log of the issue.