#2748: osgeo6 certs might have an issue
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
Got a note from letsencrypt that all these are expiring
{{{
docs.geotools.org
geotools.org
lists.osgeo.org
mapserver.gis.umn.edu
mapserver.org
old.grass.osgeo.org
www.geotools.org
www.mapserver.org
www3.mapserver.org
}}}
These I think are all hosted on osgeo6. I'll check on the cert thing to
see what's up
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2748: osgeo6 certs might have an issue
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Comment (by robe):
okay I ran
{{{
certbot-auto renew
}}}
Which did this
{{{
/etc/letsencrypt/live/docs.geotools.org/fullchain.pem (success)
/etc/letsencrypt/live/geotools.org/fullchain.pem (success)
/etc/letsencrypt/live/lists.osgeo.org/fullchain.pem (success)
/etc/letsencrypt/live/mapserver.org/fullchain.pem (success)
/etc/letsencrypt/live/old.grass.osgeo.org/fullchain.pem (success)
}}}
but
root cron has this already
{{{
30 1 15 * * certbot-auto renew
}}}
so maybe it's related to the issue strk was mentioning about cron job.
Also:
{{{
systemctl status cron
}}}
shows this:
{{{
● cron.service - Regular background program processing daemon
Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2021-11-12 20:29:29 PST; 5 months 0
days ago
Docs: man:cron(8)
Main PID: 24962 (cron)
Tasks: 29 (limit: 4915)
Memory: 650.7M
CPU: 1h 36min 11.135s
CGroup: /system.slice/cron.service
├─15672 sudo -Eu drone drone server --server-addr
localhost:8000
├─15675 drone server --server-addr localhost:8000
└─24962 /usr/sbin/cron -f
Apr 14 14:15:01 osgeo6 CRON[1181]: (root) CMD (command -v debian-sa1 >
/dev/null && debian-sa1 1 1)
}}}
What is that drone server thing doing there. Can we kill that.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2748: osgeo6 certs might have an issue
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Comment (by strk):
The cron job should have run tomorrow (15 day of month) so what makes you
think it would not run ?
I've no idea about the drone server, must be the old one. Given
drone.osgeo.org responds with "nothing to see here" I'd say we can kill
the running server, yes.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2748: osgeo6 certs might have an issue
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):
* status: new => closed
* resolution: => fixed
Comment:
no issue here, think it's just cause it's every 2 weeks.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2748: osgeo6 certs might have an issue
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: reopened
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):
* status: closed => reopened
* resolution: fixed =>
Comment:
Still an issue, I think it's because they are all based on the old certbot
and certbot-auto is no longer supported so have to switch to new certbot.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2748: osgeo6 certs might have an issue
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):
* status: reopened => closed
* resolution: => fixed
Comment:
They were all complaining about apache2 plugin not installed
I ran:
{{{
apt install python-certbot-apache
certbot renew
systemctl reload apache2
}}}
and they all seemed to renew okay.
I confirmed the cron job has certbot renew, though not sure that is needed
with the apache config in place.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2748#comment:5>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.