Date: Fri, 11 Sep 2020 09:58:51 +0300 From: Odhiambo Washington <odhiambo@gmail.com> To: Valeri Galtsev <galtsev@kicp.uchicago.edu> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: py37-certbot question Message-ID: <CAAdA2WMmiR08mBcpEtrXST0BCafcwkZHEagVmYR%2B318yxonPdA@mail.gmail.com> In-Reply-To: <f3481d62-9c16-4740-f1b1-c808beb5998c@kicp.uchicago.edu> References: <f3481d62-9c16-4740-f1b1-c808beb5998c@kicp.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Sep 2020 at 00:48, Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: > Dear Experts, > > I hope, someone knows details of python3 based certbot. Namely, if run > with "update" command, it updated certificates that will expire "soon". > How soon, it doesn't say in man page, just soon. Does someone know how > close to expiration cert should be to be considered by the script for > renewal. > > I use certbot since its python 2 version - for quite some time actually > to renew LetsEncrypt certificates. With python2 version in the past I > run cron job daily and I was restarting apache from that same script if > certificate was updated. With python3 version when I switched to it I > followed somebody's HOWTO, and just added to /etc/periodic.conf: > > weekly_certbot_enable="YES" > weekly_certbot_service="apache24" > > And was living happily ever since. However, one of the machines is about > 4 days before expiration, Letsencrypt sent me notification: update cert. > I checked, and crond is runnning, /etc/periodic.conf is as expected, and > now, 4 days before expiration script (with --dry run flag) indeed goes > about renewing the cert. There is one weekly cron jobs set that will > happen before actual expiration of my certs, so I somehow think all is > OK and my cert will be renewed. > > But I am just curios how many days before expiration certbot does renew > certificate that will expire "soon". > > > Or should I probably switch it over to daily cron job? > > As every lazy sysadmin, I do prefer to set things up so they definitely > work without my attention. And I do not want to be reminded to do > something it it will still happen on its own. So, switch to daily cron job? > You could use this: https://github.com/vbotka/ansible-leutils <https://github.com/vbotka/ansible-leutils>I have been using it on my systems for 4 years. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WMmiR08mBcpEtrXST0BCafcwkZHEagVmYR%2B318yxonPdA>