Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1839904
Summary: | apachectl graceful interfering with verifying next cert to be signed | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Stuart D Gathman <stuart> | ||||
Component: | acme-tiny | Assignee: | Stuart D Gathman <stuart> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | epel7 | CC: | stuart | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | acme-tiny-4.1.0-7.fc34 acme-tiny-4.1.0-7.fc33 acme-tiny-4.1.0-7.el7 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-06-28 01:31:11 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Stuart D Gathman
2020-05-25 23:22:51 UTC
The jilted certs will get signed the next day, and thus, the problem will correct itself. In addition, kicking apache/dovecot/sendmail does not happen out of the box. User has to read the README for fedora and install incrond. I think with systemd, I can have another one-shot service run after acme-tiny. This will avoid needing to install anything additional. Comparing dates on certs will only happen once a day, so not a performance problem. It will avoid kicking the daemons until After all the certs are signed. Created attachment 1787693 [details]
Proof of concept for compatible daemon kicker when acme-tiny updates certs
Pushed a new version to rawhide. Accidentally also pushed to f33, so pushed to f34 as well and will accelerate testing. I will roll out on some lightly used production servers. FEDORA-EPEL-2021-551ec36d33 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-551ec36d33 FEDORA-2021-be8fcce052 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-be8fcce052 FEDORA-2021-cb636961f0 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-cb636961f0 FEDORA-2021-be8fcce052 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-be8fcce052` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-be8fcce052 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2021-551ec36d33 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-551ec36d33 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-cb636961f0 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-cb636961f0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cb636961f0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-be8fcce052 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-cb636961f0 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-EPEL-2021-551ec36d33 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report. |