From: Odhiambo Washington
Date: Fri, 11 Sep 2020 09:58:51 +0300
Subject: Re: py37-certbot question
To: Valeri Galtsev
Cc: FreeBSD Mailing List

On Fri, 11 Sep 2020 at 00:48, Valeri Galtsev wrote:

> Dear Experts,
>
> I hope, someone knows details of python3 based certbot. Namely, if run
> with "update" command, it updates certificates that will expire "soon".
> How soon, it doesn't say in man page, just soon. Does someone know how
> close to expiration cert should be to be considered by the script for
> renewal.
>
> I use certbot since its python 2 version - for quite some time actually
> to renew LetsEncrypt certificates. With python2 version in the past I
> run cron job daily and I was restarting apache from that same script if
> certificate was updated. With python3 version when I switched to it I
> followed somebody's HOWTO, and just added to /etc/periodic.conf:
>
> weekly_certbot_enable="YES"
> weekly_certbot_service="apache24"
>
> And was living happily ever since. However, one of the machines is about
> 4 days before expiration, Letsencrypt sent me notification: update cert.
> I checked, and crond is running, /etc/periodic.conf is as expected, and
> now, 4 days before expiration script (with --dry run flag) indeed goes
> about renewing the cert. There is one weekly cron job set that will
> happen before actual expiration of my certs, so I somehow think all is
> OK and my cert will be renewed.
>
> But I am just curious how many days before expiration certbot does renew
> certificate that will expire "soon".
>
>
> Or should I probably switch it over to daily cron job?
>
> As every lazy sysadmin, I do prefer to set things up so they definitely
> work without my attention. And I do not want to be reminded to do
> something if it will still happen on its own. So, switch to daily cron job?
>

You could use this:
https://github.com/vbotka/ansible-leutils
I have been using it on my systems for 4 years.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
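
Added example, not part of the thread and not code from certbot or ansible-leutils: a check for the situation the question describes, asking whether a certificate will still be valid when the next scheduled renewal job runs. It assumes the `openssl` command-line tool is installed; the function names `renewal_status` and `make_sample_cert` and the 4-day self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Will the certificate still be valid at the next scheduled renewal run?
# Relies on `openssl x509 -checkend N`, which exits 0 when the certificate
# is still valid N seconds from now and non-zero when it is not.

# renewal_status PEM INTERVAL_DAYS
# Prints one of: UNREADABLE, EXPIRED, AT_RISK, OK
renewal_status() {
    pem=$1
    interval_days=$2
    # -checkend also fails on unparsable input, so test readability first.
    if ! openssl x509 -noout -in "$pem" >/dev/null 2>&1; then
        echo UNREADABLE
        return 0
    fi
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo EXPIRED
        return 0
    fi
    # Worst case: the job has just run, so the next run is a full interval away.
    if ! openssl x509 -noout -checkend "$((interval_days * 86400))" \
            -in "$pem" >/dev/null 2>&1; then
        echo AT_RISK
        return 0
    fi
    echo OK
}

# make_sample_cert OUT_PEM DAYS
# Constructed test data: a throwaway self-signed certificate valid for DAYS.
make_sample_cert() {
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.invalid" -keyout "$key" -out "$1" >/dev/null 2>&1
    rc=$?
    rm -f "$key"
    return $rc
}

# Demo: a certificate with 4 days left, as in the question above.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/cert.pem" 4
echo "weekly job: $(renewal_status "$demo_dir/cert.pem" 7)"
echo "daily job:  $(renewal_status "$demo_dir/cert.pem" 1)"
rm -rf "$demo_dir"
```

Run from cron or a monitoring agent against the live certificate file, an `AT_RISK` result means the renewal schedule alone no longer guarantees a renewal attempt before expiry.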