ansible-role-certbot icon indicating copy to clipboard operation
ansible-role-certbot copied to clipboard

Published 20 hours ago verified publisher icon geerlingguy

do not use cron when installing from distribution on Debian

Open xiruizhao opened this issue 3 years ago • 14 comments

Debian distribution package provides a systemd timer for certificate auto renewal

xiruizhao avatar Mar 22 '21 20:03 xiruizhao

I work around this by setting certbot_auto_renew: false on Debian, but it sure would be nice to have this behavior by default.

maxtruxa avatar May 03 '21 11:05 maxtruxa

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] avatar Aug 01 '21 14:08 stale[bot]

Still relevant.

maxtruxa avatar Aug 17 '21 17:08 maxtruxa

This issue is no longer marked for closure.

stale[bot] avatar Aug 17 '21 17:08 stale[bot]

I think a better way of doing this would be to create a file in vars called Debian.yml with the line certbot_auto_renew: false. @geerlingguy's roles will pull from vars files named after the ansible_os_family for distro or family specific features.

evilhamsterman avatar Oct 01 '21 23:10 evilhamsterman

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] avatar Jan 02 '22 14:01 stale[bot]

Still relevant

evilhamsterman avatar Jan 03 '22 02:01 evilhamsterman

This issue is no longer marked for closure.

stale[bot] avatar Jan 03 '22 02:01 stale[bot]

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] avatar Apr 16 '22 09:04 stale[bot]

still relevant

rotanid avatar Apr 16 '22 20:04 rotanid

This issue is no longer marked for closure.

stale[bot] avatar Apr 16 '22 20:04 stale[bot]

I ran this playbook on Ubuntu and then used systemctl list-timers to confirm certbot.timer was present and runing and it was. I recommend merging this.

markstos avatar May 16 '22 19:05 markstos

@geerlingguy I know you are very busy but this is a very simple fix that has been sitting for a long time. Can you either accept this PR or add certbot_auto_renew: false to your Debian.yml vars file?

evilhamsterman avatar Jul 14 '22 16:07 evilhamsterman

See https://packages.debian.org/bullseye/all/certbot/filelist (debian 11.4), https://packages.debian.org/stretch/all/certbot/filelist (debian 9.3)

xiruizhao avatar Sep 02 '22 18:09 xiruizhao

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] avatar Dec 21 '22 02:12 stale[bot]

still relevant

rotanid avatar Dec 22 '22 02:12 rotanid

This issue is no longer marked for closure.

stale[bot] avatar Dec 22 '22 02:12 stale[bot]

Distribution package users with systemd timers should turn off certbot_auto_renew.

xiruizhao avatar Jan 27 '23 04:01 xiruizhao

This is commonly installed directly with Ansible. The role supports Debian already, and replacing systemd timers with cron a better choice on Debian and should be set in the role itself.

markstos avatar Jan 27 '23 19:01 markstos