Update to fetch cert twice to allow easier renewal. #4
No reviewers
Labels
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: packetcat/mastible#4
Loading…
Reference in New Issue
No description provided.
Delete Branch "fetch-cert-twice"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This matches the production docs. I have tested this and it seems to work; it means you don't have to stop nginx daily to potentially perform the renewal.
Sorry, I see this one currently depends upon my local domain PR #3. Can rework to not have that if #3 isn't wanted but this is.
I just merged #3 so this one is fine as well!
One issue, certbot is not a package available in standard repos in Ubuntu 16.04, I believe the package is called letsencrypt.
root@demonreach:~# apt install certbot Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package certbot
Ah I assumed the version in xenial was too old: https://launchpad.net/ubuntu/+source/python-letsencrypt/+bugs
Reading again it looks like it might still be okay for initial, but I think renewal might be broken, see e.g. https://bugs.launchpad.net/ubuntu/xenial/+source/python-letsencrypt/+bug/1640978
But as bionic/stretch both still have 'letsencrypt' as a dummy package, could move to that if you like, sure.
Or looks like there's a PPA for xenial: https://certbot.eff.org/lets-encrypt/ubuntuxenial-other
Let's keep it 'letsencrypt', I'd like to keep use of external repositories/PPAs to a minimum where possible.
Updated.
Thanks, looks good to me, merging.