Closed CGamesPlay closed 7 years ago
Hmm, that sounds like a bug. It already has cron installed into the container, and the cron daemon is supposed to run every week to renew the certificates where needed:
cat >/etc/cron.weekly/letsencrypt <<EOF
#!bin/bash
/srv/letsencrypt/letsencrypt-auto certonly --keep --debug --agree-tos --webroot -w /srv/letsencrypt-webroot --email $SSL_EMAIL -d $PHABRICATOR_HOST
EOF
If you run docker exec -ti .... cat /etc/cron.weekly/letsencrypt
, does it show that a file is at that location?
I can confirm that script exists on the new image and appears to be correct. I can also confirm cron is running in the new container.
Docker seems to have garbage collected the old container so I can't look at the failed instance. I'm happy to provide any logs if this happens again on the current container. The image ID is 60f6d3bea378
Sure, if it does happen again, can you check that:
/etc/cron.weekly/letsencrypt
file is present, and/etc/cron.weekly/letsencrypt
manually via docker exec
update the certificate and restore service?/etc/cron.weekly/letsencrypt
file is present,/etc/cron.weekly/letsencrypt
manually produces the following:d4c4a27fe9f1:/ # /etc/cron.weekly/letsencrypt
An unexpected error occurred:
Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n'Please see the logfile 'certbot.log' for more details.
d4c4a27fe9f1:/ # cat certbot.log
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 749, in main
setup_logging(config)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 653, in setup_logging
logger.info("Saving debug log to %s", log_file_path)
File "/usr/lib64/python2.7/logging/__init__.py", line 1160, in info
self._log(INFO, msg, args, **kwargs)
File "/usr/lib64/python2.7/logging/__init__.py", line 1279, in _log
self.handle(record)
File "/usr/lib64/python2.7/logging/__init__.py", line 1289, in handle
self.callHandlers(record)
File "/usr/lib64/python2.7/logging/__init__.py", line 1329, in callHandlers
hdlr.handle(record)
File "/usr/lib64/python2.7/logging/__init__.py", line 757, in handle
self.emit(record)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/log.py", line 64, in emit
self.width + self.PADDING_WIDTH)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 2675, in infobox
kwargs)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 1765, in _widget_with_no_output
widget_name, output))
PythonDialogBug
Docker images:
phabricator@phab:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hachque/phabricator latest 1cc476a6c069 5 months ago 1.153 GB
mariadb latest 1ada4b967325 5 months ago 386.5 MB
Should I just do docker pull hachque/phabricator
? Will it break the installation?
This should be fixed with the latest merged PR. I suggest waiting a little while for the Docker Hub to build the new image, then running docker pull
to obtain the fix.
And no, you can do docker pull hachque/phabricator
at any time and things should not break. However you will get Phabricator automatically upgraded when you start the container if you haven't overridden the repositories or branches as outlined in Advanced Configuration.
For my instance it's enough to git pull
(actually, I just edited the files in-place) and restart the container, since I do not build, I just run the container, and the fixes are in the files that get copied into on start. But it depends on configs/usage(build/run)/image version I suppose.
My phabricator instance needed to be bounced today because the Let's Encrypt certificate had expired. Is there already a mechanism to auto renew Let's Encrypt certs? If not, what's the best way to add one? I bet that Phabricator already has some kind of cron like service installed, but how to use it?