airavata-issues mailing list archives

From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRAVATA-2627) Letsencrypt auto renewal is preventing Apache from restarting
Date Tue, 09 Jan 2018 21:03:00 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319159#comment-16319159 ]

Marcus Christie commented on AIRAVATA-2627:
-------------------------------------------

Here's what I did
{noformat}
systemctl enable certbot-renew
systemctl start certbot-renew
systemctl enable certbot-renew.timer
systemctl start certbot-renew.timer
{noformat}

Verifying that the certbot-renew service ran successfully with {{journalctl -xe}}.

Verifying timer
{noformat}
# systemctl list-timers 
NEXT                         LEFT     LAST                         PASSED      UNIT                         ACTIVATES
Tue 2018-01-09 16:00:00 EST  46s left Tue 2018-01-09 15:00:01 EST  59min ago   docker-cleanup.timer         docker-clea
Wed 2018-01-10 05:29:40 EST  13h left n/a                          n/a         certbot-renew.timer          certbot-ren
Wed 2018-01-10 13:53:15 EST  21h left Tue 2018-01-09 13:53:15 EST  2h 5min ago systemd-tmpfiles-clean.timer systemd-tmp

3 timers listed.
{noformat}

The service failed because we have 4 old, currently invalid certificates. To stop automatic
renewal of these I deleted their renewal/*.conf files:
{noformat}
rm /etc/letsencrypt/renewal/beta.scigap.org.conf
rm /etc/letsencrypt/renewal/beta.seagrid.org.conf 
rm /etc/letsencrypt/renewal/beta.testdrive.airavata.org.conf 
rm /etc/letsencrypt/renewal/cinet.scigap.org.conf 
{noformat}


> Letsencrypt auto renewal is preventing Apache from restarting
> -------------------------------------------------------------
>
>                 Key: AIRAVATA-2627
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2627
>             Project: Airavata
>          Issue Type: Bug
>          Components: PGA PHP Web Gateway
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>
> The {{certbot renew --quiet}} command in the crontab is apparently causing Apache to fail to reload:
> From the systemd journal ({{journalctl -xe}}):
> {noformat}
> -- Unit session-34124.scope has begun starting up.
> Jan 09 12:50:01 gridfarm004.ucs.indiana.edu CROND[11610]: (root) CMD (/usr/lib64/sa/sa1 1 1)
> Jan 09 12:52:01 gridfarm004.ucs.indiana.edu systemd[1]: Started Session 34125 of user root.
> -- Subject: Unit session-34125.scope has finished start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-34125.scope has finished starting up.
> -- 
> -- The start-up result is done.
> Jan 09 12:52:01 gridfarm004.ucs.indiana.edu systemd[1]: Starting Session 34125 of user root.
> -- Subject: Unit session-34125.scope has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-34125.scope has begun starting up.
> Jan 09 12:52:01 gridfarm004.ucs.indiana.edu CROND[11692]: (root) CMD (/usr/bin/certbot renew --quiet)
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: AH00112: Warning: DocumentRoot [/www/default] does not exist
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: AH00526: Syntax error on line 10 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: SSLCertificateFile: file '/var/lib/letsencrypt/YDnHNU3oKDOaT_oO2qXSoXR65gUb7k66KB0dF4nwT-8.crt' does not exist or is empty
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: httpd.service: control process exited, code=exited status=1
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: Reload failed for The Apache HTTP Server.
> -- Subject: Unit httpd.service has finished reloading its configuration
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit httpd.service has finished reloading its configuration
> -- 
> -- The result is failed.
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11735]: AH00112: Warning: DocumentRoot [/www/default] does not exist
> Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: Reloaded The Apache HTTP Server.
> -- Subject: Unit httpd.service has finished reloading its configuration
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit httpd.service has finished reloading its configuration
> -- 
> -- The result is done.
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11757]: AH00112: Warning: DocumentRoot [/www/default] does not exist
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11757]: AH00526: Syntax error on line 10 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11757]: SSLCertificateFile: file '/var/lib/letsencrypt/9qLZfLerTerU_bGLYPfXWXq-EXktXgYfNQAEQcdHSpE.crt' does not exist or is empty
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu systemd[1]: httpd.service: control process exited, code=exited status=1
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu systemd[1]: Reload failed for The Apache HTTP Server.
> -- Subject: Unit httpd.service has finished reloading its configuration
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit httpd.service has finished reloading its configuration
> -- 
> -- The result is failed.
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11767]: AH00112: Warning: DocumentRoot [/www/default] does not exist
> Jan 09 12:52:05 gridfarm004.ucs.indiana.edu systemd[1]: Reloaded The Apache HTTP Server.
> -- Subject: Unit httpd.service has finished reloading its configuration
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit httpd.service has finished reloading its configuration
> -- 
> -- The result is done.
> Jan 09 12:52:07 gridfarm004.ucs.indiana.edu httpd[11796]: AH00112: Warning: DocumentRoot [/www/default] does not exist
> Jan 09 12:52:07 gridfarm004.ucs.indiana.edu httpd[11796]: AH00526: Syntax error on line 10 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
> Jan 09 12:52:07 gridfarm004.ucs.indiana.edu httpd[11796]: SSLCertificateFile: file '/var/lib/letsencrypt/I69cuV1431Lfk88VjtDFxlBPEnagdg5atz9dhGhsxfY.crt' does not exist or is empty
> Jan 09 12:52:07 gridfarm004.ucs.indiana.edu systemd[1]: httpd.service: control process exited, code=exited status=1
> Jan 09 12:52:07 gridfarm004.ucs.indiana.edu systemd[1]: Reload failed for The Apache HTTP Server.
> ...
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
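
Added example, not part of the original message or of the Airavata project: a journal filter that turns the failure pattern in the excerpt above (a cron-run certbot renewal followed by httpd reload failures on a missing SSLCertificateFile) into one record per failed reload. The function names failed_reloads and sample_journal are hypothetical, and attributing a failure to the most recent cron command is a heuristic assumed here.

```shell
#!/usr/bin/env bash
# Added example: correlate failed Apache reloads in journal text with the
# preceding cron command and the certificate file httpd reported missing.

# Reads "short" format journal lines on stdin. Prints one tab-separated record
# per failed reload: time, last cron command seen, config file, missing cert.
failed_reloads() {
  awk '
    / CROND\[[0-9]+\]: .*CMD \(/ {            # remember the latest cron command
      cmd = $0; sub(/^.*CMD \(/, "", cmd); sub(/\)$/, "", cmd)
    }
    / httpd\[[0-9]+\]: AH00526: / {           # config file httpd rejected
      conf = $0; sub(/^.* of /, "", conf); sub(/:$/, "", conf)
    }
    / httpd\[[0-9]+\]: SSLCertificateFile: file / {
      split($0, q, "\047"); cert = q[2]       # path between the single quotes
    }
    /Reload failed for The Apache HTTP Server/ {
      printf "%s\t%s\t%s\t%s\n", $3, cmd, conf, cert
      conf = ""; cert = ""                    # cmd is kept: one cron run can
    }                                         # cause several failed reloads
  '
}

# Sample input built from the journal excerpt on this page, wrapped lines
# rejoined and the systemd "-- Subject" annotations left out.
sample_journal() {
  cat <<'EOF'
Jan 09 12:50:01 gridfarm004.ucs.indiana.edu CROND[11610]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jan 09 12:52:01 gridfarm004.ucs.indiana.edu CROND[11692]: (root) CMD (/usr/bin/certbot renew --quiet)
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: AH00112: Warning: DocumentRoot [/www/default] does not exist
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: AH00526: Syntax error on line 10 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu httpd[11725]: SSLCertificateFile: file '/var/lib/letsencrypt/YDnHNU3oKDOaT_oO2qXSoXR65gUb7k66KB0dF4nwT-8.crt' does not exist or is empty
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: Reload failed for The Apache HTTP Server.
Jan 09 12:52:03 gridfarm004.ucs.indiana.edu systemd[1]: Reloaded The Apache HTTP Server.
Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11757]: AH00526: Syntax error on line 10 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
Jan 09 12:52:05 gridfarm004.ucs.indiana.edu httpd[11757]: SSLCertificateFile: file '/var/lib/letsencrypt/9qLZfLerTerU_bGLYPfXWXq-EXktXgYfNQAEQcdHSpE.crt' does not exist or is empty
Jan 09 12:52:05 gridfarm004.ucs.indiana.edu systemd[1]: Reload failed for The Apache HTTP Server.
EOF
}

sample_journal | failed_reloads
```

On a live host the same function can read `journalctl -o short --since today`; because the cron job runs with `--quiet`, the journal is the only place these failures show up.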
