From cf096df2e9d579bc5d11b5061b69ed4285aebad9 Mon Sep 17 00:00:00 2001
From: Feilner <github@oliver.4of.de>
Date: Tue, 9 Feb 2021 19:53:10 +0100
Subject: [PATCH] use certbot deploy-hook to prevent unnecessary modifications
 of the certs

---
 root/app/le-renew.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/root/app/le-renew.sh b/root/app/le-renew.sh
index 5c638a5..8227597 100644
--- a/root/app/le-renew.sh
+++ b/root/app/le-renew.sh
@@ -9,7 +9,7 @@ echo "cronjob running on "$(date)
 echo "Running certbot renew"
 if [ "$ORIGVALIDATION" = "dns" ] || [ "$ORIGVALIDATION" = "duckdns" ]; then
   certbot -n renew \
-    --post-hook "if ps aux | grep [n]ginx: > /dev/null; then s6-svc -h /var/run/s6/services/nginx; fi; \
+    --deploy-hook "if ps aux | grep [n]ginx: > /dev/null; then s6-svc -h /var/run/s6/services/nginx; fi; \
     cd /config/keys/letsencrypt && \
     openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && \
     sleep 1 && \
@@ -18,8 +18,8 @@ if [ "$ORIGVALIDATION" = "dns" ] || [ "$ORIGVALIDATION" = "duckdns" ]; then
 else
   certbot -n renew \
     --pre-hook "if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi" \
-    --post-hook "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; \
-    cd /config/keys/letsencrypt && \
+    --post-hook "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi;" \
+    --deploy-hook "cd /config/keys/letsencrypt && \
     openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && \
     sleep 1 && \
     cat privkey.pem fullchain.pem > priv-fullchain-bundle.pem && \