Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#73186 - [certbot] Add systemd service and timer to renew certificates
Attached to Project:
Community Packages
Opened by Damjan Georgievski (damjan) - Wednesday, 29 December 2021, 12:21 GMT
Last edited by George Rawlinson (rawlinsong) - Wednesday, 23 March 2022, 00:55 GMT
Details
People using certbot probably already have these, because, why would you have certbot without automatic renewals.
So let's have the timer and service unit files centrally, included in the package, where we can improve them in a single place.

# /usr/lib/systemd/system/certbot.service
[Unit]
Description=Renew all previously obtained certificates that are near expiry
Documentation=https://letsencrypt.org/docs/

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

# /usr/lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target
Closed by George Rawlinson (rawlinsong)
Wednesday, 23 March 2022, 00:55 GMT
Reason for closing: Implemented
Additional comments about closing: Will be available as certbot-renew.{service,timer} in upcoming package 1.25.0-1.
Speaking from a non-Arch devops perspective, this request does not cover all use cases and will most likely cause issues.
can you share some of those use cases you're thinking of?
> and will most likely cause issues.
the timer/service wouldn't be enabled by default, I don't see what issues they would cause by default?
2. Some people do not want the timers run every day, or different parameters passed to certbot, or some other bespoke configuration.
Thankfully, we do not need to concern ourselves with these potential scenarios because upstream does not provide any systemd integration anyway.
https://wiki.archlinux.org/title/Arch_Linux#Simplicity:
"It ships software as released by the original developers (upstream) with minimal distribution-specific (downstream) changes"
1. people shouldn't put units in /usr/lib/systemd/ anyway, it's documented that they should use /etc/systemd (which overrides /usr).
2. sure, the proposed units are what 99% of people would use (twice daily is what letsencrypt recommends). but of course, users can always have local overrides.
@aminvakil
but also
https://wiki.archlinux.org/title/Arch_Linux#Pragmatism
:)
my reasoning is that adding default units that will be useful to 99% of users,
offers a good common building block, and will lower people's support "calls".
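
The local-override mechanism mentioned in the comments above, as an added example (not part of the original report or of the Arch package): drop-ins under /etc/systemd/system that change the schedule and the command of the packaged certbot-renew units without editing the files in /usr/lib. It assumes the packaged units keep the settings proposed in this report; the schedule and the nginx reload hook are constructed placeholders.

```ini
# /etc/systemd/system/certbot-renew.timer.d/override.conf
# Drop-in for the packaged timer (assumed to carry the OnCalendar=
# schedule proposed in this report).
[Timer]
# OnCalendar= is a list setting: an empty assignment clears the packaged
# value. Without it, the local schedule is added to the packaged one
# instead of replacing it.
OnCalendar=
# Constructed schedule: still twice daily, at a site-specific time.
OnCalendar=*-*-* 03,15:30:00
# Single-value setting: the local value simply replaces the packaged one.
RandomizedDelaySec=3600

# /etc/systemd/system/certbot-renew.service.d/override.conf
# Drop-in for the packaged service (assumed to keep Type=oneshot and
# ExecStart=/usr/bin/certbot -q renew).
[Service]
# ExecStart= is a list too. A oneshot service may have several ExecStart=
# lines, so without the empty assignment both the packaged and the local
# command would run on every activation.
ExecStart=
# Hypothetical local command: reload a web server after a successful renewal.
ExecStart=/usr/bin/certbot -q renew --deploy-hook "/usr/bin/systemctl reload nginx.service"
```

`systemctl edit certbot-renew.timer` creates a drop-in of this kind, and `systemctl cat certbot-renew.timer` shows the packaged unit together with every drop-in applied to it.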