bug#46961: Nginx and certbot cervices don't play well togther
From: Clément Lassieur
Subject: bug#46961: Nginx and certbot cervices don't play well togther
Date: Tue, 30 Jan 2024 00:19:06 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>>> + ;; Due to the way certbot runs, we need to
>>> + ;; create the self-signed certificates in the
>>> + ;; archive folder and symlink them into the live
>>> + ;; folder. This mimics what certbot does well
>>> + ;; enough to make acquiring new certificates
>>> + ;; work.
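Review bot: the comment refers to "the archive folder" and "the live folder" without giving their paths, and "well enough" does not say which part of certbot's layout the code relies on. Name the directories (/etc/letsencrypt/archive/ and /etc/letsencrypt/live/, as given later in this thread) and state the actual constraint. The author's reply below says this approach failed because certbot refuses to write over existing files, so the comment should describe the /etc/certs symlinking that the patch ended up with instead of the earlier attempt.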
>>
>> In another mail you say it doesn't work as well as you thought it did?
>> What doesn't work?
>
> This comment doesn't describe the code any more. In my first attempt I
> was trying to generate certificates in /etc/letsencrypt/live/ and get
> certbot to write over them when it ran. Unfortunately, it refused to do
> so. I then tried writing to /etc/letsencrypt/archive/ and symlinking
> into /etc/letsencrypt/live/ (which is what this comment describes), but
> that also failed. Certbot refuses to write over any existing files when
> fetching a certificate.

Oh, I read the comment too quickly, I thought it was describing the
/etc/certs moving. I suppose you will update it so as to reflect the
actual state?

What you did (using /etc/certs, and symlinking stuff in
/etc/letsencrypt) is a good idea I think, and it's excellent that it's
backward compatible!

> It looks like other acme clients might be happier to overwrite existing
> files, but changing away from certbot seemed like more work than adding
> a deploy hook to do what we need.

Indeed!

> I'll follow up with a v2 of this patch when I get a chance.

Thanks!

> Carlo