From 4ed121f3431f2de2982b29d955eeae6191bb937a Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Sat, 8 Aug 2020 18:02:58 +0200
Subject: [PATCH] committing changes in /etc made by "apt install -y
 letsencrypt"

Package changes:
+certbot 0.31.0-1 all
+letsencrypt 0.31.0-1 all
+python3-acme 0.31.0-2 all
+python3-certbot 0.31.0-1 all
+python3-certifi 2018.8.24-1 all
+python3-chardet 3.0.4-3 all
+python3-configargparse 0.13.0-1 all
+python3-future 0.16.0-1 all
+python3-idna 2.6-1 all
+python3-josepy 1.1.0-2 all
+python3-mock 2.0.0-4 all
+python3-openssl 19.0.0-1 all
+python3-parsedatetime 2.4-2 all
+python3-pbr 4.2.0-5 all
+python3-requests 2.21.0-1 all
+python3-requests-toolbelt 0.8.0-1 all
+python3-rfc3339 1.1-1 all
+python3-tz 2019.1-1 all
+python3-urllib3 1.24.1-1 all
+python3-zope.component 4.3.0-1 all
+python3-zope.event 4.2.0-1 all
+python3-zope.hookable 4.0.4-4+b4 amd64
+python3-zope.interface 4.3.2-1+b2 amd64
---
 .etckeeper                                      |  4 ++++
 alternatives/futurize                           |  1 +
 alternatives/pasteurize                         |  1 +
 alternatives/pbr                                |  1 +
 cron.d/certbot                                  | 17 +++++++++++++++++
 letsencrypt/cli.ini                             |  3 +++
 logrotate.d/certbot                             |  6 ++++++
 .../system/timers.target.wants/certbot.timer    |  1 +
 8 files changed, 34 insertions(+)
 create mode 120000 alternatives/futurize
 create mode 120000 alternatives/pasteurize
 create mode 120000 alternatives/pbr
 create mode 100644 cron.d/certbot
 create mode 100644 letsencrypt/cli.ini
 create mode 100644 logrotate.d/certbot
 create mode 120000 systemd/system/timers.target.wants/certbot.timer

diff --git a/.etckeeper b/.etckeeper
index edf1fc5..8cac9ea 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -282,6 +282,7 @@ maybe chmod 0755 'cron.d'
 maybe chmod 0644 'cron.d/.placeholder'
 maybe chmod 0644 'cron.d/amavisd-new'
 maybe chmod 0644 'cron.d/apticron'
+maybe chmod 0644 'cron.d/certbot'
 maybe chmod 0644 'cron.d/greetings'
 maybe chmod 0644 'cron.d/php'
 maybe chmod 0644 'cron.d/sysstat'
@@ -934,6 +935,8 @@ maybe chmod 0755 'ldap'
 maybe chmod 0644 'ldap/ldap.conf'
 maybe chmod 0755 'ldap/schema'
 maybe chmod 0644 'ldap/schema/amavis.schema'
+maybe chmod 0755 'letsencrypt'
+maybe chmod 0644 'letsencrypt/cli.ini'
 maybe chmod 0644 'lftp.conf'
 maybe chmod 0644 'libaudit.conf'
 maybe chmod 0755 'libnl-3'
@@ -966,6 +969,7 @@ maybe chmod 0644 'logrotate.d/apt'
 maybe chmod 0644 'logrotate.d/aptitude'
 maybe chmod 0644 'logrotate.d/bind'
 maybe chmod 0644 'logrotate.d/btmp'
+maybe chmod 0644 'logrotate.d/certbot'
 maybe chmod 0644 'logrotate.d/chrony'
 maybe chmod 0644 'logrotate.d/clamav-daemon'
 maybe chmod 0644 'logrotate.d/clamav-freshclam'
diff --git a/alternatives/futurize b/alternatives/futurize
new file mode 120000
index 0000000..7d32d09
--- /dev/null
+++ b/alternatives/futurize
@@ -0,0 +1 @@
+/usr/bin/python3-futurize
\ No newline at end of file
diff --git a/alternatives/pasteurize b/alternatives/pasteurize
new file mode 120000
index 0000000..5263f7f
--- /dev/null
+++ b/alternatives/pasteurize
@@ -0,0 +1 @@
+/usr/bin/python3-pasteurize
\ No newline at end of file
diff --git a/alternatives/pbr b/alternatives/pbr
new file mode 120000
index 0000000..0ac3fb3
--- /dev/null
+++ b/alternatives/pbr
@@ -0,0 +1 @@
+/usr/bin/python3-pbr
\ No newline at end of file
diff --git a/cron.d/certbot b/cron.d/certbot
new file mode 100644
index 0000000..e38dbb9
--- /dev/null
+++ b/cron.d/certbot
@@ -0,0 +1,17 @@
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc.  Renewal will only occur if expiration
+# is within 30 days.
+#
+# Important Note!  This cronjob will NOT be executed if you are
+# running systemd as your init system.  If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob.  For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
diff --git a/letsencrypt/cli.ini b/letsencrypt/cli.ini
new file mode 100644
index 0000000..05a8e4f
--- /dev/null
+++ b/letsencrypt/cli.ini
@@ -0,0 +1,3 @@
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
\ No newline at end of file
diff --git a/logrotate.d/certbot b/logrotate.d/certbot
new file mode 100644
index 0000000..05caa95
--- /dev/null
+++ b/logrotate.d/certbot
@@ -0,0 +1,6 @@
+/var/log/letsencrypt/*.log {
+    rotate 12
+    weekly
+    compress
+    missingok
+}
\ No newline at end of file
diff --git a/systemd/system/timers.target.wants/certbot.timer b/systemd/system/timers.target.wants/certbot.timer
new file mode 120000
index 0000000..b8d4c22
--- /dev/null
+++ b/systemd/system/timers.target.wants/certbot.timer
@@ -0,0 +1 @@
+/lib/systemd/system/certbot.timer
\ No newline at end of file
-- 
2.39.5