From aa3f8c5463c3a04628c30d9ab7853f73e16b4bd5 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Tue, 29 Jan 2019 22:39:14 +0100 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apt 1.4.8 amd64 +apt 1.4.9 amd64 -apt-transport-https 1.4.8 amd64 -apt-utils 1.4.8 amd64 +apt-transport-https 1.4.9 amd64 +apt-utils 1.4.9 amd64 -base-files 9.9+deb9u6 amd64 +base-files 9.9+deb9u7 amd64 -certbot 0.10.2-1 all +certbot 0.28.0-1~deb9u1 all -letsencrypt 0.10.2-1 all +letsencrypt 0.28.0-1~deb9u1 all -libapache2-mod-php7.0 7.0.30-0+deb9u1 amd64 +libapache2-mod-php7.0 7.0.33-0+deb9u1 amd64 -libapt-inst2.0 1.4.8 amd64 -libapt-pkg5.0 1.4.8 amd64 +libapt-inst2.0 1.4.9 amd64 +libapt-pkg5.0 1.4.9 amd64 -libpam-systemd 232-25+deb9u6 amd64 +libpam-systemd 232-25+deb9u8 amd64 -libssl1.0.2 1.0.2l-2+deb9u3 amd64 +libssl1.0.2 1.0.2q-1~deb9u1 amd64 -libsystemd0 232-25+deb9u6 amd64 +libsystemd0 232-25+deb9u8 amd64 -libudev1 232-25+deb9u6 amd64 +libudev1 232-25+deb9u8 amd64 -libzmq5 4.2.1-4 amd64 +libzmq5 4.2.1-4+deb9u1 amd64 -php7.0 7.0.30-0+deb9u1 all -php7.0-cli 7.0.30-0+deb9u1 amd64 -php7.0-common 7.0.30-0+deb9u1 amd64 -php7.0-gd 7.0.30-0+deb9u1 amd64 -php7.0-json 7.0.30-0+deb9u1 amd64 -php7.0-ldap 7.0.30-0+deb9u1 amd64 -php7.0-mcrypt 7.0.30-0+deb9u1 amd64 -php7.0-opcache 7.0.30-0+deb9u1 amd64 -php7.0-readline 7.0.30-0+deb9u1 amd64 +php7.0 7.0.33-0+deb9u1 all +php7.0-cli 7.0.33-0+deb9u1 amd64 +php7.0-common 7.0.33-0+deb9u1 amd64 +php7.0-gd 7.0.33-0+deb9u1 amd64 +php7.0-json 7.0.33-0+deb9u1 amd64 +php7.0-ldap 7.0.33-0+deb9u1 amd64 +php7.0-mcrypt 7.0.33-0+deb9u1 amd64 +php7.0-opcache 7.0.33-0+deb9u1 amd64 +php7.0-readline 7.0.33-0+deb9u1 amd64 -python-acme 0.10.2-1 all +python-acme 0.28.0-1~deb9u1 all -python-certbot-apache 0.10.2-1 all +python-certbot-apache 0.28.0-1~deb9u1 all +python-josepy 1.1.0-2~deb9u1 all -python-parsedatetime 2.1-3 all +python-parsedatetime 2.1-3+deb9u1 all +python-requests-toolbelt 0.7.0-1 all +python3-acme 0.28.0-1~deb9u1 all +python3-augeas 0.5.0-1 all +python3-certbot 0.28.0-1~deb9u1 all +python3-certbot-apache 0.28.0-1~deb9u1 all +python3-chardet 2.3.0-2 all +python3-configargparse 0.11.0-1 all +python3-josepy 1.1.0-2~deb9u1 all +python3-mock 2.0.0-3 all +python3-openssl 16.2.0-1 all +python3-parsedatetime 2.1-3+deb9u1 all +python3-pbr 1.10.0-1 all +python3-requests 2.12.4-1 all +python3-requests-toolbelt 0.7.0-1 all +python3-rfc3339 1.0-4 all +python3-tz 2016.7-0.3 all +python3-urllib3 1.19.1-1 all +python3-zope.component 4.3.0-1 all +python3-zope.event 4.2.0-1 all +python3-zope.hookable 4.0.4-4+b2 amd64 +python3-zope.interface 4.3.2-1 amd64 -systemd 232-25+deb9u6 amd64 +systemd 232-25+deb9u8 amd64 -systemd-sysv 232-25+deb9u6 amd64 +systemd-sysv 232-25+deb9u8 amd64 -tzdata 2018g-0+deb9u1 all +tzdata 2018i-0+deb9u1 all -udev 232-25+deb9u6 amd64 +udev 232-25+deb9u8 amd64 -yamllint 1.13.0-1~bpo9+1 all +yamllint 1.14.0-1~bpo9+1 all --- .etckeeper | 2 ++ cron.d/certbot | 8 +++++++- debian_version | 2 +- letsencrypt/cli.ini | 3 +++ logrotate.d/certbot | 6 ++++++ 5 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 letsencrypt/cli.ini create mode 100644 logrotate.d/certbot diff --git a/.etckeeper b/.etckeeper index aa7bd9d..259c368 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1105,6 +1105,7 @@ maybe chmod 0644 'letsencrypt/archive/git.uhu-banane.net/privkey6.pem' maybe chmod 0644 'letsencrypt/archive/git.uhu-banane.net/privkey7.pem' maybe chmod 0644 'letsencrypt/archive/git.uhu-banane.net/privkey8.pem' maybe chmod 0644 'letsencrypt/archive/git.uhu-banane.net/privkey9.pem' +maybe chmod 0644 'letsencrypt/cli.ini' maybe chmod 0755 'letsencrypt/csr' maybe chmod 0644 'letsencrypt/csr/0000_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/0001_csr-certbot.pem' @@ -1161,6 +1162,7 @@ maybe chmod 0644 'logrotate.d/apache2' maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/bind' +maybe chmod 0644 'logrotate.d/certbot' maybe chmod 0644 'logrotate.d/chrony' maybe chmod 0644 'logrotate.d/chrony.dpkg-dist' maybe chmod 0644 'logrotate.d/dpkg' diff --git a/cron.d/certbot b/cron.d/certbot index dc2f28b..e38dbb9 100644 --- a/cron.d/certbot +++ b/cron.d/certbot @@ -5,7 +5,13 @@ # Eventually, this will be an opportunity to validate certificates # haven't been revoked, etc. Renewal will only occur if expiration # is within 30 days. +# +# Important Note! This cronjob will NOT be executed if you are +# running systemd as your init system. If you are running systemd, +# the cronjob.timer function takes precedence over this cronjob. For +# more details, see the systemd.timer manpage, or use systemctl show +# certbot.timer. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew +0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew diff --git a/debian_version b/debian_version index c026ac8..9d5e716 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -9.6 +9.7 diff --git a/letsencrypt/cli.ini b/letsencrypt/cli.ini new file mode 100644 index 0000000..05a8e4f --- /dev/null +++ b/letsencrypt/cli.ini @@ -0,0 +1,3 @@ +# Because we are using logrotate for greater flexibility, disable the +# internal certbot logrotation. +max-log-backups = 0 \ No newline at end of file diff --git a/logrotate.d/certbot b/logrotate.d/certbot new file mode 100644 index 0000000..05caa95 --- /dev/null +++ b/logrotate.d/certbot @@ -0,0 +1,6 @@ +/var/log/letsencrypt/*.log { + rotate 12 + weekly + compress + missingok +} \ No newline at end of file -- 2.39.5