certbot renewal name collision #12

Open
opened 2 years ago by cel · 3 comments
cel commented 2 years ago
Owner

An occurrence was observed of a "name collision" per https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates:
`data/certbot/conf/live` and `data/certbot/conf/archive` directory contained `woodbine.nyc` directory with old certificate/key, and `woodbine.nyc-0001` directory with new certificate/key. This was after running `nginx/certbot-renew`; so the certificate was renewed but the web server was still using the old one. Fix for now was to manually replace the `woodbine.nyc` directory in `live` with the `woodbine.nyc-0001` one, and then restart the nginx container. This should instead be fixed such that the certificate renewal updates the `woodbine.nyc` directories without needing additional renaming.

cel commented 2 years ago
Poster
Owner

occurred again today.
temp fix:

```
ln -frs data/certbot/conf/archive/woodbine.nyc-0002/fullchain1.pem data/certbot/conf/live/woodbine.nyc/fullchain.pem
ln -frs data/certbot/conf/archive/woodbine.nyc-0002/privkey1.pem data/certbot/conf/live/woodbine.nyc/privkey.pem
(cd nginx; docker-compose exec nginx nginx -s reload)
```
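Added example, not code from this issue or from the hackerspace-zone repository: a POSIX sh check for the state described in the two comments above. It reports when `live/<domain>/fullchain.pem` resolves into an older archive directory than the newest `<domain>-NNNN` one (so nginx would keep serving the old certificate after a renewal), and it can re-point the live symlinks the way the manual `ln -frs` fix does. The function names (`latest_archive`, `live_is_stale`, `repoint_live`, `make_fixture`), the `fullchain1.pem`/`privkey1.pem` file names and the temporary fixture tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the issue's or the repository's own code. Detects the
# certbot "name collision" state reported above (renewal created
# archive/<domain>-NNNN while live/<domain> still points at the old archive)
# and re-points the live symlinks like the manual fix. Assumes the
# data/certbot/conf layout from the issue; the fixture is constructed.
set -eu

# Print the archive directory for DOMAIN with the highest numeric suffix
# (archive/<domain> itself counts as suffix 0). Prints nothing if none exists.
latest_archive() {
    conf="$1"; domain="$2"
    best=""; best_n=-1
    for d in "$conf/archive/$domain" "$conf/archive/$domain"-*; do
        [ -d "$d" ] || continue
        suffix="${d#"$conf/archive/$domain"}"      # "" or "-0002"
        n="${suffix#-}"; [ -n "$n" ] || n=0
        case "$n" in *[!0-9]*) continue ;; esac    # skip non-numeric suffixes
        if [ "$n" -gt "$best_n" ]; then best="$d"; best_n="$n"; fi
    done
    printf '%s\n' "$best"
}

# True (exit 0) when live/<domain>/fullchain.pem does not resolve into the
# newest archive directory, i.e. the web server would still load the old cert.
live_is_stale() {
    conf="$1"; domain="$2"
    latest="$(latest_archive "$conf" "$domain")"
    [ -n "$latest" ] || return 0
    target="$(readlink -f "$conf/live/$domain/fullchain.pem" || true)"
    case "$target" in
        "$latest"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Re-point live/<domain> at the newest archive directory, mirroring the
# manual fix from the issue. Assumes the first issuance in that directory
# (fullchain1.pem / privkey1.pem). nginx still needs a reload afterwards.
repoint_live() {
    conf="$1"; domain="$2"
    latest="$(latest_archive "$conf" "$domain")"
    [ -n "$latest" ] || { echo "no archive for $domain" >&2; return 1; }
    mkdir -p "$conf/live/$domain"
    ln -sfn "$latest/fullchain1.pem" "$conf/live/$domain/fullchain.pem"
    ln -sfn "$latest/privkey1.pem"   "$conf/live/$domain/privkey.pem"
}

# Constructed fixture reproducing the issue's state under a temp directory:
# live/woodbine.nyc -> old archive, live/woodbine.nyc-0002 -> new archive.
make_fixture() {
    root="$(mktemp -d)"; root="$(cd "$root" && pwd -P)"
    conf="$root/data/certbot/conf"
    for d in woodbine.nyc woodbine.nyc-0002; do
        mkdir -p "$conf/archive/$d" "$conf/live/$d"
        printf 'cert %s\n' "$d" > "$conf/archive/$d/fullchain1.pem"
        printf 'key %s\n'  "$d" > "$conf/archive/$d/privkey1.pem"
        ln -s "../../archive/$d/fullchain1.pem" "$conf/live/$d/fullchain.pem"
        ln -s "../../archive/$d/privkey1.pem"   "$conf/live/$d/privkey.pem"
    done
    printf '%s\n' "$conf"
}

# Usage: sh check-certbot-live.sh /path/to/data/certbot/conf woodbine.nyc
if [ "$#" -eq 2 ]; then
    if live_is_stale "$1" "$2"; then
        echo "stale: live/$2 is not in the newest archive ($(latest_archive "$1" "$2"))"
        exit 2
    fi
    echo "ok: live/$2 points into the newest archive"
fi
```

Run with the conf directory and domain as arguments; exit status 2 means nginx is still pointed at an older archive directory, which is the condition that needed the manual fix each time in this thread. The check only compares directory suffixes, so it deliberately does not parse the certificates themselves.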
cel commented 1 year ago
Poster
Owner

fixed

--- a/nginx/certbot-renew
+++ b/nginx/certbot-renew
@@ -21,7 +21,7 @@ fi
 mkdir -p ../data/certbot/conf/archive/old
-mv ../data/certbot/conf/archive/* old
+mv ../data/certbot/conf/archive/"${DOMAIN_NAME}"* ../data/certbot/conf/archive/old/
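Review bot: the new `mv ../data/certbot/conf/archive/"${DOMAIN_NAME}"* ../data/certbot/conf/archive/old/` has no guard for an empty `DOMAIN_NAME`; if the variable is unset the glob degrades to `archive/*`, which sweeps every domain's archive (and the freshly created `old` directory itself) into `archive/old/`, the same over-broad move the removed line made, only now into the intended destination. Add `: "${DOMAIN_NAME:?}"` (or `set -u`) before the `mv`. Also note that the directories being moved are what the `live/<domain>` symlinks resolve to, so until the renewal that follows recreates them the web server is pointed at moved files.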

cel commented 1 year ago
Poster
Owner

renewal done today manually

https://basement.woodbine.nyc/ssl-management
edited script to fix execution via symlink:

-DIRNAME="$(dirname $0)"
+DIRNAME="$(dirname $(realpath "$0"))"
 cd "$DIRNAME"
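Review bot: the inner command substitution in `DIRNAME="$(dirname $(realpath "$0"))"` is unquoted, so a script path containing whitespace is word-split before `dirname` sees it; write `DIRNAME="$(dirname "$(realpath "$0")")"`. The `cd "$DIRNAME"` that follows is otherwise correct for the symlink case being fixed.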
Reference: cel/hackerspace-zone-mirror#12