Fix certbot hook script paths and add logging

Hook scripts are at /haproxy/scripts/ inside the container (per Dockerfile COPY), not /app/scripts/. Also added logging of certbot stdout/stderr so failures are visible in haproxy-manager.log. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 06:18:14 -08:00
parent 91c92dd07e
commit 657cd28344
1 changed files with 5 additions and 3 deletions
--- a/haproxy_manager.py
+++ b/haproxy_manager.py
@@ -1154,8 +1154,9 @@ def dns_challenge_request():
    # Start certbot in background thread
    def run_certbot():
        try:
-            auth_hook = '/app/scripts/dns-challenge-auth-hook.sh'
-            cleanup_hook = '/app/scripts/dns-challenge-cleanup-hook.sh'
+            auth_hook = '/haproxy/scripts/dns-challenge-auth-hook.sh'
+            cleanup_hook = '/haproxy/scripts/dns-challenge-cleanup-hook.sh'
+            logger.info(f"Starting certbot DNS-01 for *.{base_domain} with auth_hook={auth_hook}")
            result = subprocess.run([
                'certbot', 'certonly', '-n',
                '--manual', '--preferred-challenges', 'dns-01',
@@ -1163,10 +1164,11 @@ def dns_challenge_request():
                '--manual-auth-hook', auth_hook,
                '--manual-cleanup-hook', cleanup_hook
            ], capture_output=True, text=True, timeout=600)
+            logger.info(f"DNS-01 certbot stdout for *.{base_domain}: {result.stdout}")
            if result.returncode == 0:
                logger.info(f"DNS-01 certbot completed successfully for *.{base_domain}")
            else:
-                logger.error(f"DNS-01 certbot failed for *.{base_domain}: {result.stderr}")
+                logger.error(f"DNS-01 certbot failed for *.{base_domain} (rc={result.returncode}): {result.stderr}")
        except subprocess.TimeoutExpired:
            logger.error(f"DNS-01 certbot timed out for *.{base_domain}")
        except Exception as e: