This script can be used from a deploy hook in certbot. It generates an email notification informing the recipient about the newly created certificate and its domains.
Additionally, the newly created certificate is attached.
This can be useful in order to correlate the new certificate renewal with for example crt.sh notifications. You could also send the notification to a mailinglist if you have users that want to manually check the server certificate.
You can use this script from a deploy hook in certbot. Either use the
built-in SMTP capability for sending directly to a host or pipe the output
to a sendmail or equivalent command.
For example place the following script in your hook directory
(/etc/letsencrypt/renewal-hooks/deploy):
#!/bin/sh
/usr/local/bin/certbot_notify_post_hook.py [email protected] [email protected]
This assumes you have a mail server listening on localhost:25.
If you use sendmail for sending, you can just pipe the output of the
script to sendmail using the --print-only option.
Note that you still need to specify the From- and To-addresses for the
certbot_notify_post_hook.py command and depending on your sendmail
command also as parameters to the sendmail command. (For example with
postfix's sendmail, you can instead just use -t.)
Example for hook script:
#!/bin/sh
/usr/local/bin/certbot_notify_post_hook.py --print-only [email protected] [email protected] \\
| /usr/sbin/sendmail -t
At least in version 0.28.0 of certbot, the required environment variables are only set when called as deploy-hook and not when called as post-renewal-hook.
Licensed under MIT license - see LICENSE file for details.
If in doubt what this means, see https://opensource.org/licenses/MIT.