From: Frank Brehm Date: Tue, 29 Jan 2019 21:12:02 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=b936b0865ef798c0a4b686144ec153bf254d5a68;p=config%2Fns2%2Fetc.git committing changes in /etc after apt run Package changes: -apt 1.4.8 amd64 +apt 1.4.9 amd64 -apt-transport-https 1.4.8 amd64 -apt-utils 1.4.8 amd64 +apt-transport-https 1.4.9 amd64 +apt-utils 1.4.9 amd64 -base-files 9.9+deb9u6 amd64 +base-files 9.9+deb9u7 amd64 -certbot 0.10.2-1 all +certbot 0.28.0-1~deb9u1 all -letsencrypt 0.10.2-1 all +letsencrypt 0.28.0-1~deb9u1 all -libapt-inst2.0 1.4.8 amd64 -libapt-pkg5.0 1.4.8 amd64 +libapt-inst2.0 1.4.9 amd64 +libapt-pkg5.0 1.4.9 amd64 -libpam-systemd 232-25+deb9u6 amd64 +libpam-systemd 232-25+deb9u8 amd64 -libssl1.0.2 1.0.2l-2+deb9u3 amd64 +libssl1.0.2 1.0.2q-1~deb9u1 amd64 -libsystemd0 232-25+deb9u6 amd64 +libsystemd0 232-25+deb9u8 amd64 -libudev1 232-25+deb9u6 amd64 +libudev1 232-25+deb9u8 amd64 -libzmq5 4.2.1-4 amd64 +libzmq5 4.2.1-4+deb9u1 amd64 -python-acme 0.10.2-1 all +python-acme 0.28.0-1~deb9u1 all -python-certbot-apache 0.10.2-1 all +python-certbot-apache 0.28.0-1~deb9u1 all +python-josepy 1.1.0-2~deb9u1 all -python-parsedatetime 2.1-3 all +python-parsedatetime 2.1-3+deb9u1 all +python-requests-toolbelt 0.7.0-1 all +python3-acme 0.28.0-1~deb9u1 all +python3-augeas 0.5.0-1 all +python3-certbot 0.28.0-1~deb9u1 all +python3-certbot-apache 0.28.0-1~deb9u1 all +python3-chardet 2.3.0-2 all +python3-configargparse 0.11.0-1 all +python3-josepy 1.1.0-2~deb9u1 all +python3-mock 2.0.0-3 all +python3-openssl 16.2.0-1 all +python3-parsedatetime 2.1-3+deb9u1 all +python3-pbr 1.10.0-1 all +python3-requests 2.12.4-1 all +python3-requests-toolbelt 0.7.0-1 all +python3-rfc3339 1.0-4 all +python3-tz 2016.7-0.3 all +python3-urllib3 1.19.1-1 all +python3-zope.component 4.3.0-1 all +python3-zope.event 4.2.0-1 all +python3-zope.hookable 4.0.4-4+b2 amd64 +python3-zope.interface 4.3.2-1 amd64 -systemd 232-25+deb9u6 amd64 +systemd 232-25+deb9u8 amd64 -systemd-sysv 232-25+deb9u6 amd64 +systemd-sysv 232-25+deb9u8 amd64 -tzdata 2018g-0+deb9u1 all +tzdata 2018i-0+deb9u1 all -udev 232-25+deb9u6 amd64 +udev 232-25+deb9u8 amd64 --- diff --git a/.etckeeper b/.etckeeper index 2fe660a..3c95a48 100755 --- a/.etckeeper +++ b/.etckeeper @@ -961,6 +961,7 @@ maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey6.pem' maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey7.pem' maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey8.pem' maybe chmod 0644 'letsencrypt/archive/ns2.uhu-banane.de/privkey9.pem' +maybe chmod 0644 'letsencrypt/cli.ini' maybe chmod 0755 'letsencrypt/csr' maybe chmod 0644 'letsencrypt/csr/0000_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/0001_csr-certbot.pem' @@ -1015,6 +1016,7 @@ maybe chmod 0644 'logrotate.d/apache2' maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/bind' +maybe chmod 0644 'logrotate.d/certbot' maybe chmod 0644 'logrotate.d/chrony' maybe chmod 0644 'logrotate.d/chrony.dpkg-dist' maybe chmod 0644 'logrotate.d/dpkg' diff --git a/cron.d/certbot b/cron.d/certbot index dc2f28b..e38dbb9 100644 --- a/cron.d/certbot +++ b/cron.d/certbot @@ -5,7 +5,13 @@ # Eventually, this will be an opportunity to validate certificates # haven't been revoked, etc. Renewal will only occur if expiration # is within 30 days. +# +# Important Note! This cronjob will NOT be executed if you are +# running systemd as your init system. If you are running systemd, +# the cronjob.timer function takes precedence over this cronjob. For +# more details, see the systemd.timer manpage, or use systemctl show +# certbot.timer. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew +0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew diff --git a/debian_version b/debian_version index c026ac8..9d5e716 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -9.6 +9.7 diff --git a/letsencrypt/cli.ini b/letsencrypt/cli.ini new file mode 100644 index 0000000..05a8e4f --- /dev/null +++ b/letsencrypt/cli.ini @@ -0,0 +1,3 @@ +# Because we are using logrotate for greater flexibility, disable the +# internal certbot logrotation. +max-log-backups = 0 \ No newline at end of file diff --git a/logrotate.d/certbot b/logrotate.d/certbot new file mode 100644 index 0000000..05caa95 --- /dev/null +++ b/logrotate.d/certbot @@ -0,0 +1,6 @@ +/var/log/letsencrypt/*.log { + rotate 12 + weekly + compress + missingok +} \ No newline at end of file