Comments (7)
but there is no background job running
What exactly do you mean by this? How/where did you check?
from certbot.
but there is no background job running
What exactly do you mean by this? How/where did you check?
nothing happened:
- still the old certs in /etc/letsencrypt/live
- no new entry in /var/log/letsencrypt
also i'm not sure how the task is triggered, but there is neither a cronjob nor a systemd-timer.
from certbot.
I don't fully understand why you would see that message. It would only show if the --preconfigured-renewal
option was used, which is a packager use only option (i.e., not to be used by users on the command line, but by the packager of an OS package).
If I take a look at the contents of the OL8 EPEL Certbot 1.22.0-1 RPM, I do not see such option actually being used anywhere.
That said, I also can't find that option in the Debian .deb
package of which I know it does install a systemd timer.. 🤔 So maybe I'm not searching good enough.
Anyway, Certbot itself (the Python application) does not automatically insert cronjobs or systemd timers and relies on the --preconfigured-renewal
option to show you that message, which is added by packagers. The recommended method of installing Certbot using snap
however does install a (indirect I believe) systemd timer. For OS packages it's left to the packager of that package to add a systemd timer or cronjob.
So while I don't fully understand the OL8 EPEL package, I don't believe this is actually a Certbot issue.
from certbot.
I don't fully understand why you would see that message. It would only show if the
--preconfigured-renewal
option was used, which is a packager use only option (i.e., not to be used by users on the command line, but by the packager of an OS package).
Well, I see the message.
So while I don't fully understand the OL8 EPEL package, I don't believe this is actually a Certbot issue.
At least certbot shows the wrong message.
Anyway, Certbot itself (the Python application) does not automatically insert cronjobs or systemd timers and relies on the
--preconfigured-renewal
option to show you that message, which is added by packagers. The recommended method of installing Certbot usingsnap
however does install a (indirect I believe) systemd timer. For OS packages it's left to the packager of that package to add a systemd timer or cronjob.
I never understood why snap is the recommended method. Does anybody really like snap?
Back to topic: For now I will set up a systemd timer or a cronjob manually in future. But maybe someone finds out what is really going wrong here. Either Oracle Linux (or RHEL) made a mistake in the EPEL Repo or I missed something...
from certbot.
At least certbot shows the wrong message.
No, Certbot shows a message as instructed by the --preconfigured-renewal
option. Of course I cannot exclude a bug with the limited information provided, but I highly doubt it. If you would have shown a log as requested by the initial questionnaire when you opened this issue (which you have deleted), we could investigate further.
But maybe someone finds out what is really going wrong here. Either Oracle Linux (or RHEL) made a mistake in the EPEL Repo or I missed something...
You might want to reach out to the OL8 EPEL packager.
from certbot.
No, Certbot shows a message as instructed by the
--preconfigured-renewal
option.
You are right. What I meant was that this message made me think, certbot creates the timer.
Of course I cannot exclude a bug with the limited information provided, but I highly doubt it. If you would have shown a log as requested by the initial questionnaire when you opened this issue (which you have deleted), we could investigate further.
Sorry for the few information. This issue is reproducable on a fresh OL8 with only certbot and httpd or nginx installed.
I have checked all logfiles. After creating the certificates no new entry was appended and while creating no error occoured. But I will check the logs again and provide them here soon.
While answering I had another idea: Maybe SELinux caused that the systemd-timer was not created. I'll check this also...
You might want to reach out to the OL8 EPEL packager.
That will be the next step ;)
from certbot.
Actually there is a certbot-renew.timer in /usr/lib/systemd/system, which is just not enabled. Running systemctl enable --now certbot-renew.timer
makes it work as expected. Same issue on Rocky Linux (did not check other RHEL Clones yet)
from certbot.
Related Issues (20)
- certbot renew --dry-run does not execute renewal-hooks/deploy/ scripts HOT 1
- Challenge files are created with insufficient permissions
- certbot is complaining about a missing crtptography package greater than 35
- SHA256(or other algorithm) support for certbot ocsp validation
- Certbot fails to start HOT 1
- [Nginx] Server Block Not Found in External Nginx Config Files with External global HTTP Block
- snap package Win.Virus.Expiro-10026576-0 FOUND HOT 2
- need huawei dns HOT 1
- [Need] --dns-route53-propagation-seconds come back HOT 1
- Failed Renews Do Not Provide Environment Variable to Scripts HOT 1
- Please add more diagnostics (hints) to certbot
- webroot_map entries missing for re-issues with added domains HOT 4
- add support for cloudflare's 3.0 python package HOT 3
- Confusing variable naming in certbot/acme (private_key/privkey) HOT 1
- certbot-nginx could not parse file nginx.conf: Expected string_end, found 'http' HOT 2
- CSR's SAN field not following the user's desired order when requesting interactively, due to _scrub_checklist_input not preversing order HOT 2
- Valid Apache config raises Syntax error and prevents renewal HOT 3
- certbot-dns-cloudflare treats the subdomain as the zone during API call HOT 4
- Rollback nginx configuration command does not seem to work properly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certbot.