all messages for Guix-related lists mirrored at yhetil.org
From: Attila Lendvai <attila@lendvai.name>
To: "62491@debbugs.gnu.org" <62491@debbugs.gnu.org>
Cc: "clement@lassieur.org" <clement@lassieur.org>
Subject: bug#62491: (No Subject)
Date: Thu, 04 May 2023 14:37:13 +0000
Message-ID: <xUfl58WwIGDQakb2wFTlATboSCRB4-uR1eu3HS0G6Mo1IdzgYsOsA2D4YmBt_TgLWFrMlmJFi2a2yykmDNZJuUCRHoENEmnvrhWdSYC8DSA=@lendvai.name>
In-Reply-To: <87cz4tq501.fsf@gmail.com>

i don't think this is the same issue as #56678.

or at least what i'm seeing on my server is that the wrong certbot cmd line is generated, which then results in saving the challenge at the wrong path.

this is the mcron that gets generated:

[...]/certbot certonly -n --agree-tos --webroot -w /srv/http/ --cert-name dwim.hu -d dwim.hu --email attila@lendvai.name

and this is what worked when i fixed the -w arg:

[...]/certbot certonly -n --agree-tos --webroot -w /srv/http/dwim.hu --cert-name dwim.hu -d dwim.hu --email attila@lendvai.name

i.e. the -w parameter should point to the webroot of the virtual domain, but the guix config structure does not allow setting the webroot for each <certificate-configuration>, only at their parent, i.e. in the <certbot-configuration>.

this all seems to me as if the certbot service code was assuming that the certbot script will append the domain names (specified with -d) to the webroot path, but it does not.

from the certbot log (i.e. challenge is saved at the wrong path):

"Removing /srv/http/.well-known/acme-challenge/[hash]"

the relevant code is from 2018, so certbot's behavior may very well have changed since then:

https://git.savannah.gnu.org/cgit/guix.git/commit/gnu/services/certbot.scm?id=c3215d2f9d8fa4b890e3a41ceb4404b76a7c5c49

it seems to me that the webroot field should be moved down into <certificate-configuration>.

am i right? if so i may try to patch this up.

-- 
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“State is the name of the coldest of all cold monsters. Coldly it lies; and this lie slips from its mouth: "I, the state, am the people."”
	— Friedrich Nietzsche (1844–1900), 'Thus Spoke Zarathustra' (1885), http://j.mp/1k6pbwS
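
The mismatch described in this message, as an added example that is not part of the original e-mail or of Guix's certbot service: a shell pre-flight check that a token written under a given -w directory is the same file the domain's virtual host would serve for the challenge URL. It assumes the dwim.hu vhost's document root is /srv/http/dwim.hu; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# certbot's webroot plugin writes each HTTP-01 token to
#   <webroot>/.well-known/acme-challenge/<token>
# and the web server answers that URL path from the vhost's document root.

# Path where a token lands for a given -w value (one trailing slash dropped).
challenge_path() {  # WEBROOT TOKEN
  printf '%s/.well-known/acme-challenge/%s\n' "${1%/}" "$2"
}

# Succeeds only when a probe written via WEBROOT is readable at the path
# the vhost rooted at DOCROOT serves. Runs in a subshell to keep variables local.
# Like certbot, it creates the challenge directory under WEBROOT if missing.
webroot_serves() (  # WEBROOT DOCROOT
  nonce="preflight-$$"
  written=$(challenge_path "$1" "$nonce")
  served=$(challenge_path "$2" "$nonce")
  mkdir -p "${written%/*}" && printf '%s' "$nonce" > "$written" || exit 2
  rc=1
  [ -f "$served" ] && [ "$(cat "$served")" = "$nonce" ] && rc=0
  rm -f "$written"
  exit "$rc"
)

# Constructed layout mirroring the two -w values quoted in the message.
demo() (
  root=$(mktemp -d) || exit 1
  docroot="$root/srv/http/dwim.hu"   # assumed document root of the vhost
  mkdir -p "$docroot"
  for w in "$root/srv/http/" "$root/srv/http/dwim.hu"; do
    if webroot_serves "$w" "$docroot"; then
      echo "ok:       -w ${w#"$root"} is served by the dwim.hu vhost"
    else
      echo "mismatch: -w ${w#"$root"} writes outside the dwim.hu vhost root"
    fi
  done
  rm -rf "$root"
)

demo
```

On a real host, pass the -w value from the generated job and the document root from the web server's vhost configuration to webroot_serves before relying on unattended renewal.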





Thread overview: 8+ messages
2023-03-27 21:05 bug#62491: [berlin] certbot renewal appears to be broken Maxim Cournoyer
2023-05-04 14:37 ` Attila Lendvai [this message]
2023-11-22 17:37   ` Giovanni Biscuolo
2023-11-22 18:05     ` Attila Lendvai
2023-11-23  7:23       ` Giovanni Biscuolo
2023-11-23  4:17     ` Maxim Cournoyer
2023-11-23  7:42       ` Giovanni Biscuolo
2023-11-23  8:46         ` Ludovic Courtès
