]> Frank Brehm's Git Trees - config/ns2/etc.git/commitdiff
projects / config / ns2 / etc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df75a40)
committing changes in /etc after apt run
authorFrank Brehm <frank@brehm-online.com>
Tue, 29 Jan 2019 21:12:02 +0000 (22:12 +0100)
committerFrank Brehm <frank@brehm-online.com>
Tue, 29 Jan 2019 21:12:02 +0000 (22:12 +0100)
Package changes:
-apt 1.4.8 amd64
+apt 1.4.9 amd64
-apt-transport-https 1.4.8 amd64
-apt-utils 1.4.8 amd64
+apt-transport-https 1.4.9 amd64
+apt-utils 1.4.9 amd64
-base-files 9.9+deb9u6 amd64
+base-files 9.9+deb9u7 amd64
-certbot 0.10.2-1 all
+certbot 0.28.0-1~deb9u1 all
-letsencrypt 0.10.2-1 all
+letsencrypt 0.28.0-1~deb9u1 all
-libapt-inst2.0 1.4.8 amd64
-libapt-pkg5.0 1.4.8 amd64
+libapt-inst2.0 1.4.9 amd64
+libapt-pkg5.0 1.4.9 amd64
-libpam-systemd 232-25+deb9u6 amd64
+libpam-systemd 232-25+deb9u8 amd64
-libssl1.0.2 1.0.2l-2+deb9u3 amd64
+libssl1.0.2 1.0.2q-1~deb9u1 amd64
-libsystemd0 232-25+deb9u6 amd64
+libsystemd0 232-25+deb9u8 amd64
-libudev1 232-25+deb9u6 amd64
+libudev1 232-25+deb9u8 amd64
-libzmq5 4.2.1-4 amd64
+libzmq5 4.2.1-4+deb9u1 amd64
-python-acme 0.10.2-1 all
+python-acme 0.28.0-1~deb9u1 all
-python-certbot-apache 0.10.2-1 all
+python-certbot-apache 0.28.0-1~deb9u1 all
+python-josepy 1.1.0-2~deb9u1 all
-python-parsedatetime 2.1-3 all
+python-parsedatetime 2.1-3+deb9u1 all
+python-requests-toolbelt 0.7.0-1 all
+python3-acme 0.28.0-1~deb9u1 all
+python3-augeas 0.5.0-1 all
+python3-certbot 0.28.0-1~deb9u1 all
+python3-certbot-apache 0.28.0-1~deb9u1 all
+python3-chardet 2.3.0-2 all
+python3-configargparse 0.11.0-1 all
+python3-josepy 1.1.0-2~deb9u1 all
+python3-mock 2.0.0-3 all
+python3-openssl 16.2.0-1 all
+python3-parsedatetime 2.1-3+deb9u1 all
+python3-pbr 1.10.0-1 all
+python3-requests 2.12.4-1 all
+python3-requests-toolbelt 0.7.0-1 all
+python3-rfc3339 1.0-4 all
+python3-tz 2016.7-0.3 all
+python3-urllib3 1.19.1-1 all
+python3-zope.component 4.3.0-1 all
+python3-zope.event 4.2.0-1 all
+python3-zope.hookable 4.0.4-4+b2 amd64
+python3-zope.interface 4.3.2-1 amd64
-systemd 232-25+deb9u6 amd64
+systemd 232-25+deb9u8 amd64
-systemd-sysv 232-25+deb9u6 amd64
+systemd-sysv 232-25+deb9u8 amd64
-tzdata 2018g-0+deb9u1 all
+tzdata 2018i-0+deb9u1 all
-udev 232-25+deb9u6 amd64
+udev 232-25+deb9u8 amd64

.etckeeper patch | blob | history
cron.d/certbot patch | blob | history
debian_version patch | blob | history
letsencrypt/cli.ini [new file with mode: 0644] patch | blob
logrotate.d/certbot [new file with mode: 0644] patch | blob

diff --git a/.etckeeper b/.etckeeper
index 2fe660a1becb051365942a5733d8814198802808..3c95a48e6b3a92a2854e25454fa5c5e957476f6b 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -961,6 +961,7 @@ maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey6.pem'
 maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey7.pem'
 maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey8.pem'
 maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey9.pem'
+maybe chmod 0644 'letsencrypt/cli.ini'
 maybe chmod 0755 'letsencrypt/csr'
 maybe chmod 0644 'letsencrypt/csr/0000_csr-certbot.pem'
 maybe chmod 0644 'letsencrypt/csr/0001_csr-certbot.pem'
@@ -1015,6 +1016,7 @@ maybe chmod 0644 'logrotate.d/apache2'
 maybe chmod 0644 'logrotate.d/apt'
 maybe chmod 0644 'logrotate.d/aptitude'
 maybe chmod 0644 'logrotate.d/bind'
+maybe chmod 0644 'logrotate.d/certbot'
 maybe chmod 0644 'logrotate.d/chrony'
 maybe chmod 0644 'logrotate.d/chrony.dpkg-dist'
 maybe chmod 0644 'logrotate.d/dpkg'
diff --git a/cron.d/certbot b/cron.d/certbot
index dc2f28b615e961d6a8eb00a985531cb928263b9f..e38dbb9022ec15be87bfa50092bbed920b8a3a01 100644 (file)
--- a/cron.d/certbot
+++ b/cron.d/certbot
@@ -5,7 +5,13 @@
 # Eventually, this will be an opportunity to validate certificates
 # haven't been revoked, etc.  Renewal will only occur if expiration
 # is within 30 days.
+#
+# Important Note!  This cronjob will NOT be executed if you are
+# running systemd as your init system.  If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob.  For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
diff --git a/debian_version b/debian_version
index c026ac828d085bb96917f9390169bf833f83a83e..9d5e716c0559c0e7826fd342538bbbf1071a2330 100644 (file)
--- a/debian_version
+++ b/debian_version
@@ -1 +1 @@
-9.6
+9.7
diff --git a/letsencrypt/cli.ini b/letsencrypt/cli.ini
new file mode 100644 (file)
index 0000000..05a8e4f
--- /dev/null
+++ b/letsencrypt/cli.ini
@@ -0,0 +1,3 @@
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
\ No newline at end of file
diff --git a/logrotate.d/certbot b/logrotate.d/certbot
new file mode 100644 (file)
index 0000000..05caa95
--- /dev/null
+++ b/logrotate.d/certbot
@@ -0,0 +1,6 @@
+/var/log/letsencrypt/*.log {
+    rotate 12
+    weekly
+    compress
+    missingok
+}
\ No newline at end of file
Unnamed repository; edit this file 'description' to name the repository.