From: Carlo Zancanaro
To: Clément Lassieur
Cc: 46961@debbugs.gnu.org
Subject: bug#46961: Nginx and certbot cervices don't play well togther
Date: Wed, 31 Jan 2024 11:50:23 +0000
Message-ID: <87v879oglq.fsf@zancanaro.id.au>
In-reply-to: <87zfwms4mb.fsf_-_@lassieur.org>
References: <87zfwms4mb.fsf_-_@lassieur.org>
User-agent: mu4e 1.10.8; emacs 29.1
List-Id: Bug reports for GNU Guix

On Wed, Jan 31 2024, Clément Lassieur wrote:
> Removing guix-devel.

I've also removed Brice.

> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>> (format #t "Acquiring or renewing
>> certificate: ~a~%" name)
>
> Here we could add ‘(force-output)’, because otherwise those logs arrive
> after the certbot logs, and it's hard to understand anything.

Done.

>> + ;; If we have a connection error,
>> then bail early
>> + ;; with exit code 2. We don't expect
>> this to
>> + ;; resolve within the timespan of
>> this script.
>
> Could we have a (log + force-output) here too? (I imagine within a
> ‘begin’)

Done.

>> + ;; If we have any other type of
>> error, then continue
>> + ;; but exit with a failing status
>> code in the end.
>
> and here?

Done.

> And maybe a log also in case the command succeeds. (So that would mean
> to replace ‘unless’ with ‘if’).

Done.

>> + (< attempt 12)) ; 12 * 10 seconds =
>> 2 minutes
> ^------
> This comment is not true because certbot takes time to execute
> (around 15s on my vm). I don't think there is a need to be that
> precise.

I haven't extracted/named the max-attempts value, but I have
removed the comments that imply that the time frame is bounded.

> Also could you update the example in the docs?

I have removed the %certbot-deploy-hook in the example in the
manual.

> ... However, we could add a nginx-service-type and a
> dhcp-client-service-type so that people have an idea of what the
> minimal config is, maybe like I did in my first review:
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=46961#23.

I have not added this. I understand the desire, but I'm wary of
providing an example that's "too involved". The current example
demonstrates a minimal config of certbot itself. I think you are
looking to include an example of a minimal system that hosts a
website using certbot provided certificates. I don't know where an
example like that belongs, but I'm not yet convinced it belongs in
the certbot service documentation.

Carlo
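
Review bot: In the loop condition "(< attempt 12))", the retry bound is a bare literal, and with the "12 * 10 seconds = 2 minutes" comment removed nothing in the visible code says what 12 stands for. Binding it to a named value such as max-attempts, and including the attempt number in the "Acquiring or renewing certificate: ~a~%" log line, would let an operator reading the log tell a renewal that succeeded on a retry from one that exhausted its attempts. The second comment block also says only "exit with a failing status code in the end"; naming that status next to the "exit code 2" used for connection errors would document how a caller can distinguish the two failure kinds.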