GNU bug report logs - #46961
Nginx and certbot services don't play well together


Package: guix

Reported by: Brice Waegeneire <brice <at> waegenei.re>

Date: Sat, 6 Mar 2021 08:16:02 UTC

Severity: normal

Done: Clément Lassieur <clement <at> lassieur.org>

Bug is archived. No further changes may be made.


From: Clément Lassieur <clement <at> lassieur.org>
To: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Cc: 46961 <at> debbugs.gnu.org
Subject: bug#46961: Nginx and certbot services don't play well together
Date: Tue, 30 Jan 2024 00:19:06 +0100

On Tue, Jan 30 2024, Carlo Zancanaro wrote:

>>> +             ;; Due to the way certbot runs, we need to
>>> +             ;; create the self-signed certificates in the
>>> +             ;; archive folder and symlink them into the live
>>> +             ;; folder. This mimics what certbot does well
>>> +             ;; enough to make acquiring new certificates
>>> +             ;; work.
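
Review bot: The comment on these added lines describes creating the self-signed certificates in the archive folder and symlinking them into the live folder, which the patch author says in this thread no longer describes the code. It should be rewritten to describe what the code does now, and the phrase "well enough to make acquiring new certificates work" would be clearer if it named the specific certbot behaviour the code relies on.
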
>>
>> In another mail you say it doesn't work as well as you thought it did?
>> What doesn't work?
>
> This comment doesn't describe the code any more. In my first attempt I
> was trying to generate certificates in /etc/letsencrypt/live/ and get
> certbot to write over them when it ran. Unfortunately, it refused to do
> so. I then tried writing to /etc/letsencrypt/archive/ and symlinking
> into /etc/letsencrypt/live/ (which is what this comment describes), but
> that also failed. Certbot refuses to write over any existing files when
> fetching a certificate.

Oh, I read the comment too quickly; I thought it was describing the
/etc/certs moving.  I suppose you will update it to reflect the
actual state?

What you did (using /etc/certs, and symlinking stuff in
/etc/letsencrypt) is a good idea I think, and it's excellent that it's
backward compatible!

> It looks like other acme clients might be happier to overwrite existing
> files, but changing away from certbot seemed like more work than adding
> a deploy hook to do what we need.

Indeed!

> I'll follow up with a v2 of this patch when I get a chance.

Thanks!

> Carlo




This bug report was last modified 1 year and 107 days ago.
