maybe chmod 0644 'letsencrypt/archive/ns1.uhu-banane.de/privkey7.pem'
maybe chmod 0644 'letsencrypt/archive/ns1.uhu-banane.de/privkey8.pem'
maybe chmod 0644 'letsencrypt/archive/ns1.uhu-banane.de/privkey9.pem'
+maybe chmod 0644 'letsencrypt/cli.ini'
maybe chmod 0755 'letsencrypt/csr'
maybe chmod 0644 'letsencrypt/csr/0000_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/0001_csr-certbot.pem'
maybe chmod 0644 'logrotate.d/apt'
maybe chmod 0644 'logrotate.d/aptitude'
maybe chmod 0644 'logrotate.d/bind'
+maybe chmod 0644 'logrotate.d/certbot'
maybe chmod 0644 'logrotate.d/chrony'
maybe chmod 0644 'logrotate.d/dbconfig-common'
maybe chmod 0644 'logrotate.d/dpkg'
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
+#
+# Important Note! This cronjob will NOT be executed if you are
+# running systemd as your init system. If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob. For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
--- /dev/null
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
\ No newline at end of file
--- /dev/null
+/var/log/letsencrypt/*.log {
+ rotate 12
+ weekly
+ compress
+ missingok
+}
\ No newline at end of file
projects / config / ns1 / etc.git / commitdiff