Legacy Update
Certificate expiry issue resolved #68
kirb
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Thank you to everyone who reported legacyupdate.net being down. All has been fixed now and it shouldn’t happen again.
The technical details, for anyone who’s interested:
There was a configuration issue on my server that made certbot write the ACME verification file to the wrong place, so Let’s Encrypt was refusing to issue a new certificate.
Previously, you would set up a cron job so
certbot renewruns once a week or so. However, certbot now has a systemd timer unit, which replaces any need to configure a cron, and runs twice a day. While cron is designed to email error output to the server admin, systemd lacks this feature, which I’m now pretty disappointed by because it would have alerted me to the issue within a few days of the change I made that broke it. Instead, it failed twice a day for about 76 days, ever since I made the server-side changes that went with the Legacy Update 1.0 release, until the issue was finally made obvious by the site going down as a whole.I fixed the certbot config, and the certs have now been renewed. I found some tricks that bring cron-like mail functionality to systemd, so I’ll be looking into this to hopefully make it a standard part of my initial server setup.
Beta Was this translation helpful? Give feedback.
All reactions