Should/can this be crontabed? ----- Forwarded message from Let's Encrypt Expiry Bot <expiry@letsencrypt.org> ----- From: Let's Encrypt Expiry Bot <expiry@letsencrypt.org> To: krichel@openlib.org Subject: Let's Encrypt certificate expiration notice for domain "collec.repec.org" Hello, Your certificate (or certificates) for the names listed below will expire in 19 days (on 2023-06-30). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. collec.repec.org For details about when we send these emails, please visit: https://letsencrypt.org/docs/expiration-emails/ In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message. For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email. To learn more about the latest technical and organizational updates from Let's Encrypt, sign up for our newsletter: https://mailchi.mp/letsencrypt.org/fjp6ha1gad If you are receiving this email in error, unsubscribe at: http://delivery.letsencrypt.org/track/unsub.php?u=30850198&id=a5cabdefc67e41... Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates. Regards, The Let's Encrypt Team ----- End forwarded message ----- -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21190th day.
It is usually automated via systemd, but you can use crontab as well. The renewal currently fails though. Check "certbot renew --dry-run". It runs into a 404. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com -----Original Message----- From: CollEc-run <collec-run-bounces@lists.openlib.org> On Behalf Of Thomas Krichel Sent: Samstag, 10. Juni 2023 18:17 To: CollEc Run <collec-run@lists.openlib.org> Subject: [CollEc] certificate expiration notice for domain "collec.repec.org" Should/can this be crontabed? ----- Forwarded message from Let's Encrypt Expiry Bot <expiry@letsencrypt.org> ----- From: Let's Encrypt Expiry Bot <expiry@letsencrypt.org> To: krichel@openlib.org Subject: Let's Encrypt certificate expiration notice for domain "collec.repec.org" Hello, Your certificate (or certificates) for the names listed below will expire in 19 days (on 2023-06-30). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. collec.repec.org For details about when we send these emails, please visit: https://letsencrypt.org/docs/expiration-emails/ In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message. For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email. To learn more about the latest technical and organizational updates from Let's Encrypt, sign up for our newsletter: https://mailchi.mp/letsencrypt.org/fjp6ha1gad If you are receiving this email in error, unsubscribe at: http://delivery.letsencrypt.org/track/unsub.php?u=30850198&id=a5cabdefc67e41... Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates. Regards, The Let's Encrypt Team ----- End forwarded message ----- -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21190th day. _______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
Düben, Christian writes
It is usually automated via systemd, but you can use crontab as well.
The renewal currently fails though. Check "certbot renew --dry-run". It runs into a 404.
It looks like it still goes to the snap certbot. root@helos ~ # ls -l /usr/bin/certbot lrwxrwxrwx 1 root root 17 Apr 1 12:22 /usr/bin/certbot -> /snap/bin/certbot There are two server entrie is here root@helos /etc/nginx/sites-enabled # head -20 collec.repec.org server { if ($host = collec.repec.org) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name collec.repec.org; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name collec.repec.org; access_log /var/log/nginx/shinyproxy.access.log; Do we need to temporarily remove the second entry to enable renewal? -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21191st day.
That should not be necessary. I run the same configuration on another Ubuntu machine and it works. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com -----Original Message----- From: Thomas Krichel <krichel@openlib.org> Sent: Sonntag, 11. Juni 2023 11:43 To: Düben, Christian <christian.dueben@uni-hamburg.de> Cc: CollEc Run <collec-run@lists.openlib.org> Subject: Re: [CollEc] certificate expiration notice for domain "collec.repec.org" Düben, Christian writes
It is usually automated via systemd, but you can use crontab as well.
The renewal currently fails though. Check "certbot renew --dry-run". It runs into a 404.
It looks like it still goes to the snap certbot. root@helos ~ # ls -l /usr/bin/certbot lrwxrwxrwx 1 root root 17 Apr 1 12:22 /usr/bin/certbot -> /snap/bin/certbot There are two server entrie is here root@helos /etc/nginx/sites-enabled # head -20 collec.repec.org server { if ($host = collec.repec.org) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name collec.repec.org; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name collec.repec.org; access_log /var/log/nginx/shinyproxy.access.log; Do we need to temporarily remove the second entry to enable renewal? -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21191st day.
Düben, Christian writes
That should not be necessary. I run the same configuration on another Ubuntu machine and it works.
So how or who will fix? -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21191st day.
I will look more into it tomorrow. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com -----Original Message----- From: Thomas Krichel <krichel@openlib.org> Sent: Sonntag, 11. Juni 2023 18:16 To: Düben, Christian <christian.dueben@uni-hamburg.de> Cc: CollEc Run <collec-run@lists.openlib.org> Subject: Re: [CollEc] certificate expiration notice for domain "collec.repec.org" Düben, Christian writes
That should not be necessary. I run the same configuration on another Ubuntu machine and it works.
So how or who will fix? -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21191st day.
Düben, Christian writes
It is usually automated via systemd, but you can use crontab as well.
The renewal currently fails though. Check "certbot renew --dry-run". It runs into a 404.
On tagol, with the certbot installed via Debian/apt, it runs without a hitch root@tagol~# certbot renew --dry-run Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/folks.email.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Account registered. Simulating renewal of an existing certificate for folks.email and www.folks.email - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all simulated renewals succeeded: /etc/letsencrypt/live/folks.email/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21191st day.
participants (2)
-
Düben, Christian -
Thomas Krichel