fix hook

tasks/main.yml

@@ -31,7 +31,7 @@
     dest: "{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh"
     owner: root
     group: root
-    mode: "0600"
+    mode: "0700"
   when: item.hook is defined
   loop: "{{ lego_certificates }}"
   loop_control:
@@ -47,7 +47,7 @@
     --dns="cloudflare"
     {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }}
     run
-    {{ '--run-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }}
+    {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + item.name + '.sh"' if item.hook is defined else '' }}
   args:
     creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
   environment:

templates/cron-lego-renew.sh.j2

@@ -1,4 +1,4 @@
-#!/bin/env bash
+#!/usr/bin/env bash
 # run this script daily to renew any letsencrypt certs that need renewing
 # renew cert if it expires within 30 days
 
@@ -8,6 +8,6 @@ export CLOUDFLARE_DNS_API_TOKEN="{{ lego_cloudflare_api_token }}"
 
 {% for cert in lego_certificates %}
 echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}."
-{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--renew-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30
+{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30
 
 {% endfor %}