GNU bug report logs - #46961
Nginx and certbot services don't play well together


Package: guix

Reported by: Brice Waegeneire <brice <at> waegenei.re>

Date: Sat, 6 Mar 2021 08:16:02 UTC

Severity: normal

Done: Clément Lassieur <clement <at> lassieur.org>

Bug is archived. No further changes may be made.



Message #83 received at 46961 <at> debbugs.gnu.org:

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 46961 <at> debbugs.gnu.org
Subject: Re: bug#46961: Nginx and certbot services don't play well together
Date: Wed, 31 Jan 2024 11:50:23 +0000

On Wed, Jan 31 2024, Clément Lassieur wrote:
> Removing guix-devel.

I've also removed Brice.

> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>>                      (format #t "Acquiring or renewing 
>>                      certificate: ~a~%" name)
>
> Here we could add ‘(force-output)’, because otherwise those logs arrive
> after the certbot logs, and it's hard to understand anything.

Done.

>> +                          ;; If we have a connection error, 
>> then bail early
>> +                          ;; with exit code 2. We don't expect 
>> this to
>> +                          ;; resolve within the timespan of 
>> this script.
>
> Could we have a (log + force-output) here too?  (I imagine within a
> ‘begin’)

Done.

>> +                          ;; If we have any other type of 
>> error, then continue
>> +                          ;; but exit with a failing status 
>> code in the end.
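
Review bot: in the comment on the non-connection error branch, "a failing status code" is left unspecified, while the connection-error comment above it names exit code 2. Stating which value is used, and that it differs from 2, would let whoever reads the exit status tell the two cases apart.
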
>
> and here?

Done.

> And maybe a log also in case the command succeeds.  (So that would mean
> to replace ‘unless’ with ‘if’).

Done.

>> +                          (< attempt 12)) ; 12 * 10 seconds = 
>> 2 minutes
>                                                                  ^------
> This comment is not true because certbot takes time to execute 
> (around 15s on my vm).  I don't think there is a need to be that 
> precise.

I haven't extracted/named the max-attempts value, but I have 
removed the comments that imply that the time frame is bounded.

> Also could you update the example in the docs?

I have removed the %certbot-deploy-hook in the example in the 
manual.

> ... However, we could add a nginx-service-type and a 
> dhcp-client-service-type so that people have an idea of what the 
> minimal config is, maybe like I did in my first review: 
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=46961#23.

I have not added this. I understand the desire, but I'm wary of 
providing an example that's "too involved". The current example 
demonstrates a minimal config of certbot itself. I think you are 
looking to include an example of a minimal system that hosts a 
website using certbot provided certificates. I don't know where an 
example like that belongs, but I'm not yet convinced it belongs in 
the certbot service documentation.

Carlo




This bug report was last modified 1 year and 108 days ago.
