Ubuntu
python-certbot package

Timer renewal doesn't use --preconfigured-renewal

Bug #1928311 reported by Robie Basak
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-certbot (Debian)
Fix Released
Unknown
python-certbot (Ubuntu)
Fix Released
Low
Athos Ribeiro

Bug Description

Upstream have requested that we use --preconfigured-renewal when we call "certbot renew" automatically.

This could be done from /etc/letsencrypt/cli.ini (which we ship).

Tags: server-todo
Revision history for this message
Robie Basak (racb) wrote :

Here's the full detail from Erica, quoted with permission.

Hello Certbot's packagers,

In Certbot v1.9.0, the CLI flag --preconfigured-renewal<U+200B> was added (https://certbot.eff.org/docs/packaging.html):
--preconfigured-renewal<U+200B> should be included on the CLI or in cli.ini for all invocations of Certbot, so that it can adjust its interactive output regarding automated renewal (Certbot >= 1.9.0).
Certbot will be making use of this flag in its upcoming v1.16.0 release, in order to provide instruction to the user about automated renewal.

Certbot packages which include a cronjob or timer to perform automatic renewal should run with this CLI flag enabled.

One way to do this would be to include or merge it into the cli.ini<U+200B> file (similar to what the Debian package currently does<https://salsa.debian.org/letsencrypt-team/certbot/certbot/-/blob/master/debian/cli.ini> to disable log rotation):

```
$ cat /etc/letsencrypt/cli.ini
preconfigured-renewal = True
```

We would love to see this change applied to your Certbot package.

Thank you!
Erica

Revision history for this message
Harlan Lieberman-Berg (hlieberman) wrote :

Unless you all need it sooner, my plan is to add this to the cli.ini file with the first upload post-freeze. You should be able to sync it over from then. Erica confirmed that the flag has no functionality prior to the v1.16 release, and v1.12 is what's in the freeze.

Let me know if you need it sooner, and I can do an upload to exp for you to sync from.

Bug Watch Updater (bug-watch-updater)
Changed in python-certbot (Debian):
status: Unknown → New
Athos Ribeiro (athos-ribeiro)
Changed in python-certbot (Ubuntu):
importance: Medium → Low
tags: added: server-todo
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hi Harlan,

There is no rush nor need to sync this from experimental.

I did file an MR in salsa for this one at https://salsa.debian.org/letsencrypt-team/certbot/certbot/-/merge_requests/5

Christian Ehrhardt  (paelzer)
Changed in python-certbot (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Bug Watch Updater (bug-watch-updater)
Changed in python-certbot (Debian):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-certbot - 1.21.0-1

---------------
python-certbot (1.21.0-1) unstable; urgency=medium

  [ Athos Ribeiro ]
  * Add preconfigured renewal flag (closes: #988483) (LP: #1928311)

  [ James Valleroy ]
  * d/upstream/metadata: Add Donation field

  [ Harlan Lieberman-Berg ]
  * Add new signing keys, see bug #999503
  * New upstream version 1.21.0
  * Bump dependency versions.
  * Bump S-V; no changes needed
  * Run wrap-and-sort
  * Work around python test suite failure.

 -- Harlan Lieberman-Berg <email address hidden> Thu, 18 Nov 2021 20:23:12 -0500

Changed in python-certbot (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.