bug#46961: Nginx and certbot cervices don't play well togther

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#46961: Nginx and certbot cervices don't play well togther

From:	Carlo Zancanaro
Subject:	bug#46961: Nginx and certbot cervices don't play well togther
Date:	Wed, 31 Jan 2024 11:50:23 +0000
User-agent:	mu4e 1.10.8; emacs 29.1

On Wed, Jan 31 2024, Clément Lassieur wrote:

Removing guix-devel.


I've also removed Brice.

On Tue, Jan 30 2024, Carlo Zancanaro wrote:
(format #t "Acquiring or renewingcertificate: ~a~%" name)
Here we could add ‘(force-output)’, because otherwise those logsarrive
after the certbot logs, and it's hard to understand anything.


Done.

+ ;; If we have a connection error,then bail early+ ;; with exit code 2. We don't expectthis to+ ;; resolve within the timespan ofthis script.
Could we have a (log + force-output) here too? (I imaginewithin a
‘begin’)


Done.

+ ;; If we have any other type oferror, then continue+ ;; but exit with a failing statuscode in the end.
and here?


Done.

And maybe a log also in case the command succeeds. (So thatwould mean
to replace ‘unless’ with ‘if’).


Done.

+ (< attempt 12)) ; 12 * 10 seconds =2 minutes
                                                                 ^------
This comment is not true because certbot takes time to execute(around 15s on my vm). I don't think there is a need to be thatprecise.

I haven't extracted/named the max-attempts value, but I haveremoved the comments that imply that the time frame is bounded.

Also could you update the example in the docs?

I have removed the %certbot-deploy-hook in the example in themanual.

... However, we could add a nginx-service-type and adhcp-client-service-type so that people have an idea of what theminimal config is, maybe like I did in my first review:https://debbugs.gnu.org/cgi/bugreport.cgi?bug=46961#23.

I have not added this. I understand the desire, but I'm wary ofproviding an example that's "too involved". The current exampledemonstrates a minimal config of certbot itself. I think you arelooking to include an example of a minimal system that hosts awebsite using certbot provided certificates. I don't know where anexample like that belongs, but I'm not yet convinced it belongs inthe certbot service documentation.


Carlo

[Prev in Thread]

Current Thread

[Next in Thread]

bug#46961: [PATCH v3 3/4] services: certbot: Reload nginx in deploy hook., (continued)
- bug#46961: [PATCH v2 3/4] services: certbot: Add a default deploy hook to reload nginx., Carlo Zancanaro, 2024/01/30
  - bug#46961: Nginx and certbot cervices don't play well togther, Clément Lassieur, 2024/01/30
- bug#46961: [PATCH v2 1/4] services: certbot: Symlink certificates to /etc/certs., Carlo Zancanaro, 2024/01/30
- bug#46961: [PATCH v2 2/4] services: certbot: Create self-signed certificates before certbot runs., Carlo Zancanaro, 2024/01/30
- bug#46961: [PATCH v2 4/4] services: certbot: Add one-shot service to renew certificates., Carlo Zancanaro, 2024/01/30
  - bug#46961: Nginx and certbot cervices don't play well togther, Clément Lassieur, 2024/01/30
    - bug#46961: Nginx and certbot cervices don't play well togther, Carlo Zancanaro <=
    - bug#46961: Nginx and certbot cervices don't play well togther, Clément Lassieur, 2024/01/31

Prev by Date: bug#46961: [PATCH v3 2/4] services: certbot: Create self-signed certificates before certbot runs.
Next by Date: bug#68848: New home-dotfiles-service-type creates extra toplevel directories
Previous by thread: bug#46961: Nginx and certbot cervices don't play well togther
Next by thread: bug#46961: Nginx and certbot cervices don't play well togther
Index(es):
- Date
- Thread