How to avoid renewing your certificates
So, a few months ago, I set up an XMPP server. To manage the TLS certificates, I wanted to use certbot again. Alas, the version that Debian shipped in their repos didn’t support the deploy hook feature I needed for that (iirc).
So to migrate, I uninstalled the apt repository certbot package, created an venv and installed certbot via pip (or maybe the other way around), deleted the cronjob and created a systemd unit instead to renew the certificates, yadda yadda.
Fast forward to a few days ago when I realized my XMPP client on the smartphone wouldn’t connect anymore. A few days later I had the time to investigate.
Sure enough, certbot certificates
showed (nearly) all my certificates as expired.
Huh?
After digging around in the system to find out what I did at all (“Why is there no cron job? … Why does journalctl say there was an exit code of 1 of the service?”) I opened the unit / service file to find this line:
ExecStart=false && /usr/local/bin/certbot -q renew --no-random-sleep-on-renew
… Uuuuhhhhhhh…
I can only imagine this false
got inserted during the migration phase. And
I forgot to remove it.
Kommentare / Comments
Kommentare werden von mir selbst auf einem anderen Server über Isso gehostet.
Comments are hosted by myself on another server, powered by Isso.