-
-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change crontab user for Letsencrypt renewal #86
Comments
On the server I just provisioned, the root user already had the crontab entry. I just needed to remove the entry from the openfoodnetwork user. |
Who created it? Are you using latest |
I'm using the master branch. My version is based on 19f5e81. I think that installing the crontab is a new feature of certbot. So the role is probably not up-to-date with certbot's current behaviour. |
https://certbot.eff.org/all-instructions/#ubuntu-16-10-yakkety-nginx
|
@mkllnk Yakkety? This playbook I'm afraid it only supports |
Oh sorry, I quoted the wrong source. https://certbot.eff.org/#ubuntuxenial-nginx
Same thing. The new server I set up runs 16.04:
And that's what I observed there. I don't want to setup a new server just to test this and my machine is too slow to do it. |
Nice, thanks! I'll test it and report back. |
I just created a Ubuntu Xenial 16.04 LXC container and installed
|
I also discovered this:
and
aaaand
More details here https://github.com/certbot/certbot/pull/5460/files |
I'm not sure which one actually run the renewal between
and
|
Running it as the openfoodnetwork user fails since it doesn't have sudo permissions. Fixes #86
I think #124 fixed it |
Running it as the openfoodnetwork user fails since it doesn't have sudo permissions. Fixes openfoodfoundation#86
WAT!? Why!?
Right now we pass
openfoodnetwork
to the cerbot role as the crontab user for Letsencrypt renewal cron job.The problem is that
openfoodnetwork
user doesn't have permissions to run the certbot binary. Give a look at the CRON log:Proposal
Let's use
ofn-admin
user instead since it has permissions to run it. There is still a pending problem about thestandalone
web server but it will be covered in another issue. Will link to this one once created.The text was updated successfully, but these errors were encountered: