
Re: [Letsencrypt-devel] Certbot in Debian Stretch



On 11/25/2016 12:45 PM, Christian Seiler wrote:
> On 11/25/2016 10:34 AM, Thijs Kinkhorst wrote:
>> On Thu, November 24, 2016 22:28, Harlan Lieberman-Berg wrote:
>>> On November 24, 2016 11:59:46 AM EST, James Cloos <cloos@jhcloos.com>
>>> wrote:
>>>> The jessie and jessie-backports releases of certbot have not, in
>>>> general, been usable.  There have been usable windows, but it has not
>>>> been continuous.
>>>
>>> Certbot has never been in jessie, so I imagine it wouldn't have been
>>> usable.
>>>
>>> I also haven't gotten any tickets about it being unusable. Can you
>>> please provide me a link to the tickets you filed when you found it
>>> unusable?
>>
>> FWIW certbot from jessie-backports has been working fine for me in several
>> contexts.
> 
> Same here. The only problem I had is when the package was renamed
> from letsencrypt to certbot; that wasn't handled properly the way
> I expect something like this to be handled, I had to manually coax
> APT to get it installed. (A simple upgrade or dist-upgrade would
> have just removed a lot of packages. I don't remember the precise
> details, sorry, and I was too busy with other things to properly
> report this.) Other than that it just worked after setting it up
> initially.

Actually, correction: there was one upgrade issue. Recently systemd
timer support was added, so that on systemd systems certbot is now
started via a systemd unit and not via cron. That in and by itself
is not an issue (it works fine), but I had modified the cron job to
pass --renew-hook and --post-hook to certbot. (As far as I can tell,
there's no way of setting these in a configuration file.) The only
reason I noticed that was that dpkg complained about incompatible
configuration file changes (for the cron job) that I had to look at
manually. I then proceeded to drop in a file
/etc/systemd/system/certbot.service.d/hooks.conf
with the contents

[Service]
ExecStart=
ExecStart=/usr/bin/certbot -q renew --renew-hook ... --post-hook ...

to make this equivalent to the modifications I had done in the
cron jobs beforehand, because the cron job was now modified to only
be run on systemd systems.

I understand how systemd, cron, etc. work quite well, so this was
not a big deal for me - but there was no NEWS entry in the Debian
package that apt-listchanges would have picked up by default
(most people, myself included, only list NEWS and not d/changelog
for upgrades), and there was no debconf prompt or anything to help
the user with respect to upgrades.

Combine that with the fact that editing the cron job was the
recommended way of setting the hooks from the tutorials I had read,
this is really not something I enjoyed having to do on a stable
system. Especially since this is quite unnecessary: doing this
with systemd units on systems running systemd might be a bit nicer
than using cron, but cron worked just fine on the very same system
beforehand - so this is a change that didn't have any immediate
benefit in my case, but just caused me some extra work.

I get that backports have to track stretch, and that in the stretch
package you might want to have the nicer variant in the first place,
so I don't begrudge that this change was made, but at the very
least I would have hoped for a NEWS entry for this change.

Regards,
Christian
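
The drop-in in the message above works because systemd treats ExecStart= as a list that an empty assignment clears. The following check is an added example, not part of the original message or of the Debian package: it merges ExecStart= across a unit and its drop-ins and reports certbot hooks that a cron command carried but the service does not. The unit text, cron command, hook commands and function names are constructed for illustration, and shlex only approximates systemd's quoting rules.

```python
import shlex

HOOK_FLAGS = ("--pre-hook", "--post-hook", "--renew-hook")

# Constructed samples: a packaged unit, a hooks.conf drop-in, the old cron command.
PACKAGED_UNIT = "[Service]\nType=oneshot\nExecStart=/usr/bin/certbot -q renew\n"
HOOKS = "--renew-hook /usr/local/bin/deploy-cert --post-hook 'systemctl reload example.service'"
DROPIN = "[Service]\nExecStart=\nExecStart=/usr/bin/certbot -q renew " + HOOKS + "\n"
CRON_COMMAND = "certbot -q renew " + HOOKS

def effective_execstart(unit_texts):
    """Merge [Service] ExecStart= over a unit and its drop-ins, in load order.
    Each assignment appends to the list; an empty assignment clears it."""
    commands = []
    for text in unit_texts:
        section = None
        for line in (raw.strip() for raw in text.splitlines()):
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section == "Service" and sep and key.strip() == "ExecStart":
                if value.strip():
                    commands.append(value.strip())
                else:
                    commands = []  # the bare "ExecStart=" line resets the list
    return commands

def hooks_in(command):
    """Return {flag: value} for certbot hook options ("--x v" or "--x=v")."""
    words, found = shlex.split(command), {}
    for i, word in enumerate(words):
        flag, sep, value = word.partition("=")
        if flag in HOOK_FLAGS:
            found[flag] = value if sep else (words[i + 1] if i + 1 < len(words) else "")
    return found

def missing_hooks(cron_command, unit_texts):
    """Hooks present in the cron command but absent from the effective ExecStart."""
    active = {}
    for command in effective_execstart(unit_texts):
        active.update(hooks_in(command))
    return {f: v for f, v in hooks_in(cron_command).items() if active.get(f) != v}

if __name__ == "__main__":
    print("unit only  :", missing_hooks(CRON_COMMAND, [PACKAGED_UNIT]))
    print("with drop-in:", missing_hooks(CRON_COMMAND, [PACKAGED_UNIT, DROPIN]))
```

Without the empty ExecStart= line the merged list would hold both the packaged command and the override, so the check also makes it visible when a drop-in appends instead of replacing.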

