Bug 245954 - security/py-certbot: Do not stop web service when renewing certificate (rc)
Summary: security/py-certbot: Do not stop web service when renewing certificate (rc)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Danilo G. Baio
URL: https://reviews.freebsd.org/D25391
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2020-04-27 06:10 UTC by Max Khon
Modified: 2020-07-11 12:51 UTC (History)
3 users (show)

See Also:
dbaio: maintainer-feedback+
dbaio: merge-quarterly+


Attachments
Use --deploy-hook (1.13 KB, patch)
2020-04-27 06:10 UTC, Max Khon
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Max Khon freebsd_committer 2020-04-27 06:10:37 UTC
Created attachment 213834 [details]
Use --deploy-hook

If webroot authentication is used ACME challenge verification fails:

Domain: <domain>.com
Type:   connection
Detail: Fetching http://<domain>.com/.well-known/acme-challenge/GybuC13VP5mQu8h99KEJK-Fwh4WvMjI
dlLOKShJI91Q: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s)
 for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly
 routable IP address and that no firewalls are preventing the server from communicating with the client. If yo
u're using the webroot plugin, you should also verify that you are serving files from the webroot path you pro
vided.

Service should not be stopped before renewal. Patch is attached.
Comment 1 Danilo G. Baio freebsd_committer 2020-06-21 18:03:01 UTC
Please see review D25391, I tried to gather all scenarios in the periodic script.
Comment 2 commit-hook freebsd_committer 2020-07-11 12:34:20 UTC
A commit references this bug:

Author: dbaio
Date: Sat Jul 11 12:33:24 UTC 2020
New revision: 541966
URL: https://svnweb.freebsd.org/changeset/ports/541966

Log:
  security/py-certbot: Improve periodic script

  This change will keep the default behavior in the periodic script
  and will add options to customize each parameter for those who want to:
   - weekly_certbot_pre_hook
   - weekly_certbot_post_hook
   - weekly_certbot_deploy_hook
   - weekly_certbot_custom_args

  PR:		245674, 245954
  Reported by:	amdmi3, fjoe
  Reviewed by:	koobs
  Approved by:	dbaio, koobs (python, maintainer)
  MFH:		2020Q3
  Differential Revision:	https://reviews.freebsd.org/D25391

Changes:
  head/security/py-certbot/Makefile
  head/security/py-certbot/files/500.certbot.in
  head/security/py-certbot/files/pkg-message.in
  head/security/py-certbot/pkg-message
Comment 3 Danilo G. Baio freebsd_committer 2020-07-11 12:38:06 UTC
Committed, waiting MFH.
Comment 4 commit-hook freebsd_committer 2020-07-11 12:50:25 UTC
A commit references this bug:

Author: dbaio
Date: Sat Jul 11 12:50:21 UTC 2020
New revision: 541967
URL: https://svnweb.freebsd.org/changeset/ports/541967

Log:
  MFH: r541966

  security/py-certbot: Improve periodic script

  This change will keep the default behavior in the periodic script
  and will add options to customize each parameter for those who want to:
   - weekly_certbot_pre_hook
   - weekly_certbot_post_hook
   - weekly_certbot_deploy_hook
   - weekly_certbot_custom_args

  PR:		245674, 245954
  Reported by:	amdmi3, fjoe
  Reviewed by:	koobs
  Approved by:	dbaio, koobs (python, maintainer)
  Differential Revision:	https://reviews.freebsd.org/D25391

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/security/py-certbot/Makefile
  branches/2020Q3/security/py-certbot/files/500.certbot.in
  branches/2020Q3/security/py-certbot/files/pkg-message.in
  branches/2020Q3/security/py-certbot/pkg-message