Thanks. I had found that template file (and also see it generated at shared/source/trellis/roles/letsencrypt/templates/renew-certs.py) but was thinking it is supposed to turn into a hard-coded script with the literal emails in it. No?
You have to apply the Trellis Ansible playbook on the server for provisioning.
During provisioning this Python script file is indeed generated and put onto the server so it can be regularly invoked (cron) for renewing the certificates via Let’s Encrypt.
Thank you. That’s what I thought. But where on the server is it put?
Trellis should place it under /var/lib/letsencrypt/renew-certs.py.
Note: You need root (sudo as the Trellis admin user) in order to list the directories and the file itself.
@mZoo were you just curious where it ended up? Just wondering… because it shouldn’t really matter. Or did you think it was causing an issue?
Curious, but more importantly wanting to confirm that the file is where and what it is supposed to be:
--contact mailto:still_employed@mzoo.org mailto:my_buddy@colleague.com mailto:worried.manager@owner.com
Does that look right? No separator (aside from the whitespace) necessary in the Python file?
Update (fairly confident this is correct):
Seeing now that in roles/letsencrypt/defaults/main.yml locations/paths are configured:
acme_tiny_software_directory: /usr/local/letsencrypt
acme_tiny_data_directory: /var/lib/letsencrypt
acme_tiny_challenges_directory: "{{ www_root }}/letsencrypt"
In roles/letsencrypt/tasks/certificates.yml the script is generated:
- name: Generate certificate renewal script
  template:
    src: renew-certs.py
    dest: "{{ acme_tiny_data_directory }}/renew-certs.py"
    mode: 0700
  tags: [wordpress, wordpress-setup, wordpress-setup-nginx, nginx-includes]
In roles/letsencrypt/tasks/main.yml the cron job/file is generated:
- name: Install cronjob for key generation
  cron:
    cron_file: letsencrypt-certificate-renewal
    name: letsencrypt certificate renewal
    user: root
    job: cd {{ acme_tiny_data_directory }} && ./renew-certs.py ; /usr/sbin/service nginx reload
    day: "{{ letsencrypt_cronjob_daysofmonth }}"
    hour: "4"
    minute: "30"
    state: present
@mZoo sorry I’m a bit lost at this point. What’s the status at this point? If it’s not working, what’s the behaviour that you’re seeing?
No need to be sorry, @swalkinshaw. All is great. I had wanted to clarify where the LetsEncrypt emails ended up (and have).
Is there a recommended way to test that the renewal script is successfully provisioned and configured?
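One way to check what the thread describes, as an added example that is not part of any post above and is not Trellis code: it verifies the generated script's location and 0700 mode, that each `--contact` value is a well-formed `mailto:` address, and that the cron file calls the script. Assumptions: the default `acme_tiny_data_directory` shown above, the Ansible `cron_file` landing in /etc/cron.d, and `--contact` values sitting on one line as in the line quoted in the thread; `check` and `contacts` are names made up for this example.

```python
#!/usr/bin/env python3
import os
import re
import stat
import sys

DATA_DIR = "/var/lib/letsencrypt"  # acme_tiny_data_directory default quoted in the thread
CRON_FILE = "/etc/cron.d/letsencrypt-certificate-renewal"  # cron_file name, assumed under /etc/cron.d
MAILTO = re.compile(r"mailto:[^@\s:,;]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def contacts(script_text):
    """Return the whitespace-separated values that follow --contact (assumed on one line)."""
    found = []
    for line in script_text.splitlines():
        _, sep, rest = line.partition("--contact")
        for tok in rest.split() if sep else []:
            tok = tok.strip("'\"")
            if tok.startswith("-"):  # the next option ends the contact list
                break
            if tok:
                found.append(tok)
    return found


def check(root="/"):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    script = os.path.join(root, DATA_DIR.lstrip("/"), "renew-certs.py")
    cron = os.path.join(root, CRON_FILE.lstrip("/"))
    try:
        mode = stat.S_IMODE(os.stat(script).st_mode)
        if mode != 0o700:  # the template task sets mode 0700
            problems.append(f"{script}: mode {mode:o}, expected 700")
        with open(script) as fh:
            bad = [c for c in contacts(fh.read()) if not MAILTO.fullmatch(c)]
        problems += [f"{script}: malformed contact {c!r}" for c in bad]
    except OSError as exc:
        problems.append(f"renewal script: {exc}")
    try:
        with open(cron) as fh:
            if "./renew-certs.py" not in fh.read():
                problems.append(f"{cron}: job does not run ./renew-certs.py")
    except OSError as exc:
        problems.append(f"cron file: {exc}")
    return problems


if __name__ == "__main__":
    issues = check(sys.argv[1] if len(sys.argv) > 1 else "/")
    print("\n".join(issues) or "renewal script and cron job look as provisioned")
    sys.exit(1 if issues else 0)
```

Run it with sudo on the server, since the data directory is only readable by root; the optional argument is an alternate filesystem root for testing against a copy.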