healthlocker / oxleas-adhd

https://focus.headscapegreenwich.co.uk/

Configure Let's Encrypt to auto-renew SSL certificate #193

Closed reddog closed 7 years ago

reddog commented 7 years ago

Users need to be able to continue to access a secure site with valid SSL certificate at all times.

Is certbot (Let's Encrypt agent) configured to auto-renew SSL certificates?

Let's Encrypt certificates expire after 90 days. Once a website certificate expires, accessing that site will present a browser message strongly worded such that the user should not continue using the site.

certbot comes with an easy to configure cron-able utility to auto-renew certificates, see https://certbot.eff.org/#ubuntuxenial-nginx

you can arrange for automatic renewal by adding a cron or systemd job which runs the following:

certbot renew

certbot auto-renewal should be configured for both test and live sites.

iteles commented 7 years ago

@reddog This has been added to the top of the 'Sprint 2' milestone, though we are already half way through our mini sprint 2 and this requirement has not yet been discussed.

Following your logic from our stand up yesterday, given this is not going to be an issue for around 90 days, are we better off leaving this for sprint 3? Let's discuss on the standup this afternoon.

reddog commented 7 years ago

@iteles I think it has been moved a little and is no longer at the top of the list.

I hadn't checked previously if certbot auto-renewing had been configured. Maybe it should have been safe to assume it was, maybe not?

You are right, it will not be required until about 90 days' time. However there are two server setup tasks happening within this sprint.

Implementation of this issue is adding a cron job. It would seem to minimise context switching by doing this at the same time as the other server setup issues.

Of course it would be useful to get @RobStallion's time estimation on this. Can that please be done before the standup call.

RobStallion commented 7 years ago

Have found the following command in certbot documentation

certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"

This command should stop nginx, renew the certificate (if it is going to expire within 30 days) and then restart nginx.

Look into cron to make this something that will happen automatically
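The cron job proposed in the first comment and the hooked renew command found above, combined into one installable script. This is an added example, not code from the oxleas-adhd repository; the schedule, the log path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the project): build and idempotently install the
# certbot auto-renewal cron job. The renew command and its nginx hooks are the
# ones quoted in this thread; schedule, log path and function names are assumed.

RENEW_CMD='certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"'
# Twice daily at a fixed minute (assumed schedule). certbot only renews when
# fewer than 30 days remain, so frequent runs are cheap and a failed attempt
# gets retried long before the 90-day expiry.
RENEW_SCHEDULE='17 3,15 * * *'
RENEW_LOG='/var/log/certbot-renew.log'   # assumed log path; review it for failed renewals

# Print the crontab line that runs the renewal and records its output.
renew_cron_line() {
    printf '%s %s >> %s 2>&1\n' "$RENEW_SCHEDULE" "$RENEW_CMD" "$RENEW_LOG"
}

# Read an existing crontab on stdin and emit it with the renew job appended
# only if no line already runs `certbot renew`, so re-running the server
# setup does not stack duplicate jobs (and duplicate nginx restarts).
merge_renew_job() {
    existing=$(cat)
    if printf '%s\n' "$existing" | grep -q 'certbot renew'; then
        printf '%s\n' "$existing"
    else
        [ -n "$existing" ] && printf '%s\n' "$existing"
        renew_cron_line
    fi
}

# Count crontab lines (stdin) that run certbot renew; exactly 1 is expected.
count_renew_jobs() {
    grep -c 'certbot renew'
}

# Install into the current user's crontab. Run as root: the hooks stop and
# start the nginx service, and the test and live servers each need this.
install_renew_job() {
    (crontab -l 2>/dev/null || true) | merge_renew_job | crontab -
}
```

Call `install_renew_job` once per server; running it again leaves the crontab unchanged.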

reddog commented 7 years ago

@RobStallion Thanks for your update.

I just wanted to check, is your estimate of 1 1/2 hours just for adding the cron job or are there other steps required?

RobStallion commented 7 years ago

@reddog I spent 25 minutes on this in the morning looking up the steps that I would need to take. What I mentioned in the comment above are all the steps that I think it will take to complete this issue. I am estimating that this issue as a whole will take 1.5 hours.

If while working on this I find that there are additional steps required I will add them.

reddog commented 7 years ago

@RobStallion Thanks for that. Are you comfortable with adding a cron job entry?

RobStallion commented 7 years ago

@reddog as I mentioned in this comment I will need to look into cron to make this something that will happen automatically, but I feel like it is something that I will be able to achieve.

RobStallion commented 7 years ago

This issue has been completed. Updated the crontab on the servers. Thanks @reddog for your help with this 👍

reddog commented 7 years ago

@RobStallion Thanks very much for doing this. Can the steps required please be added to the deployment document at #191

RobStallion commented 7 years ago

@reddog Thanks again for your help with completing this issue.

The question in the comment above is better suited to issue #191. You have referenced this issue in #191 and asked for the documentation to be updated with the steps that we took to resolve this issue.

This issue does not need to remain open in order for the documentation to be updated so I am going to re-close it for clarity.

macroramesh6 commented 5 years ago

I have tried this command; it works fine:

sudo certbot renew --authenticator standalone --installer nginx --pre-hook "service nginx stop" --post-hook "service nginx start"