From 7a7b0fea3786c1c4009fb580e96ae16c84f69cb3 Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Mon, 7 Sep 2020 18:58:24 +0530 Subject: [PATCH 1/7] fix: update letsencrypt renew cron frequency --- bench/config/lets_encrypt.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bench/config/lets_encrypt.py b/bench/config/lets_encrypt.py index 5f0396b9..872cd129 100755 --- a/bench/config/lets_encrypt.py +++ b/bench/config/lets_encrypt.py @@ -90,7 +90,7 @@ def setup_crontab(): system_crontab = CronTab(user='root') if job_command not in str(system_crontab): job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month") - job.day.on(1) + job.every(1).day() system_crontab.write() From 7dcd5f9ce3c3322f0a5d96f1b9624c6215f76448 Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Tue, 8 Sep 2020 12:15:35 +0530 Subject: [PATCH 2/7] fix: force renew on monthly bases --- bench/config/lets_encrypt.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bench/config/lets_encrypt.py b/bench/config/lets_encrypt.py index 872cd129..f9e596e0 100755 --- a/bench/config/lets_encrypt.py +++ b/bench/config/lets_encrypt.py @@ -86,11 +86,11 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True) def setup_crontab(): - job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' + job_command = '/opt/certbot-auto renew --force-renewal -a nginx --post-hook "systemctl reload nginx"' system_crontab = CronTab(user='root') if job_command not in str(system_crontab): job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month") - job.every(1).day() + job.setall('0 0 1 * *') # Run at 00:00 on every day-of-month 1 system_crontab.write() From 097879e1fb855d4223fcce3ad359a2f9ec81d835 Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Tue, 8 Sep 2020 12:58:56 +0530 Subject: [PATCH 3/7] feat: patch for older setups with wrong cron format --- .../v5/fix_letsencrypt_renew_frequency.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 bench/patches/v5/fix_letsencrypt_renew_frequency.py diff --git a/bench/patches/v5/fix_letsencrypt_renew_frequency.py b/bench/patches/v5/fix_letsencrypt_renew_frequency.py new file mode 100644 index 00000000..eda219ba --- /dev/null +++ b/bench/patches/v5/fix_letsencrypt_renew_frequency.py @@ -0,0 +1,19 @@ +from bench.config.common_site_config import get_config +from crontab import CronTab + + +def execute(bench_path): + """ + This patch fixes a cron job that would renew letsencrypt certificate + """ + + job_command = '/opt/certbot-auto renew --force-renewal -a nginx --post-hook "systemctl reload nginx"' + system_crontab = CronTab(user='root') + job_comment = "Renew lets-encrypt every month" + + for job in system_crontab.find_comment(job_comment) + system_crontab.remove(job) + job = system_crontab.new(command=job_command, comment=job_comment) + job.setall('0 0 1 * *') # Run at 00:00 on every day-of-month 1 + system_crontab.write() + break From 1e97cdf0c831e0ae46b3e7c579c96e05ca185916 Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Tue, 8 Sep 2020 12:58:56 +0530 Subject: [PATCH 4/7] feat: patch for older setups with wrong cron format --- .../v5/fix_letsencrypt_renew_frequency.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 bench/patches/v5/fix_letsencrypt_renew_frequency.py diff --git a/bench/patches/v5/fix_letsencrypt_renew_frequency.py b/bench/patches/v5/fix_letsencrypt_renew_frequency.py new file mode 100644 index 00000000..2c17d98d --- /dev/null +++ b/bench/patches/v5/fix_letsencrypt_renew_frequency.py @@ -0,0 +1,19 @@ +from bench.config.common_site_config import get_config +from crontab import CronTab + + +def execute(bench_path): + """ + This patch fixes a cron job that would renew letsencrypt certificate + """ + + job_command = '/opt/certbot-auto renew --force-renewal -a nginx --post-hook "systemctl reload nginx"' + system_crontab = CronTab(user='root') + job_comment = "Renew lets-encrypt every month" + + for job in system_crontab.find_comment(job_comment) + system_crontab.remove(job) + job = system_crontab.new(command=job_command, comment=job_comment) + job.setall('0 0 1 * *') # Run at 00:00 on every day-of-month 1 + system_crontab.write() + break From 408676c80e3fa37e3794584b12e73c2060cfa55f Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Wed, 9 Sep 2020 19:38:18 +0530 Subject: [PATCH 5/7] fix: removed force renewal as it would extend by 3 months every month, now the job runs daily --- bench/config/lets_encrypt.py | 4 ++-- bench/patches/v5/fix_letsencrypt_renew_frequency.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bench/config/lets_encrypt.py b/bench/config/lets_encrypt.py index f9e596e0..bea1b86b 100755 --- a/bench/config/lets_encrypt.py +++ b/bench/config/lets_encrypt.py @@ -86,11 +86,11 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True) def setup_crontab(): - job_command = '/opt/certbot-auto renew --force-renewal -a nginx --post-hook "systemctl reload nginx"' + job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' system_crontab = CronTab(user='root') if job_command not in str(system_crontab): job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month") - job.setall('0 0 1 * *') # Run at 00:00 on every day-of-month 1 + job.setall('0 0 */1 * *') # Run at 00:00 every day-of-month system_crontab.write() diff --git a/bench/patches/v5/fix_letsencrypt_renew_frequency.py b/bench/patches/v5/fix_letsencrypt_renew_frequency.py index 61b82111..73806c54 100644 --- a/bench/patches/v5/fix_letsencrypt_renew_frequency.py +++ b/bench/patches/v5/fix_letsencrypt_renew_frequency.py @@ -7,13 +7,13 @@ def execute(bench_path): This patch fixes a cron job that would renew letsencrypt certificate """ - job_command = '/opt/certbot-auto renew --force-renewal -a nginx --post-hook "systemctl reload nginx"' + job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' system_crontab = CronTab(user='root') job_comment = "Renew lets-encrypt every month" - for job in system_crontab.find_comment(job_comment) + for job in system_crontab.find_comment(job_comment): system_crontab.remove(job) job = system_crontab.new(command=job_command, comment=job_comment) - job.setall('0 0 1 * *') # Run at 00:00 on every day-of-month 1 + job.setall('0 0 */1 * *') # Run at 00:00 every day-of-month system_crontab.write() break From 87edc4e10932a9ce92215fef00daada5f6817b7d Mon Sep 17 00:00:00 2001 From: Abhishek Balam Date: Wed, 9 Sep 2020 21:31:57 +0530 Subject: [PATCH 6/7] fix: removed patch --- bench/config/lets_encrypt.py | 15 +++++++++++---- .../v5/fix_letsencrypt_renew_frequency.py | 19 ------------------- 2 files changed, 11 insertions(+), 23 deletions(-) delete mode 100644 bench/patches/v5/fix_letsencrypt_renew_frequency.py diff --git a/bench/config/lets_encrypt.py b/bench/config/lets_encrypt.py index bea1b86b..2615784d 100755 --- a/bench/config/lets_encrypt.py +++ b/bench/config/lets_encrypt.py @@ -87,11 +87,15 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True) def setup_crontab(): job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' + job_comment = 'Renew lets-encrypt every month' system_crontab = CronTab(user='root') - if job_command not in str(system_crontab): - job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month") - job.setall('0 0 */1 * *') # Run at 00:00 every day-of-month - system_crontab.write() + + for job in system_crontab.find_comment(comment=job_comment): # Removes older entries + system_crontab.remove(job) + + job = system_crontab.new(command=job_command, comment=job_comment) + job.setall('0 0 */1 * *') # Run at 00:00 every day-of-month + system_crontab.write() def create_dir_if_missing(path): @@ -113,10 +117,13 @@ def get_certbot_path(): def renew_certs(): + # Needs to be run with sudo click.confirm('Running this will stop the nginx service temporarily causing your sites to go offline\n' 'Do you want to continue?', abort=True) + setup_crontab() + service('nginx', 'stop') exec_cmd("{path} renew".format(path=get_certbot_path())) service('nginx', 'start') diff --git a/bench/patches/v5/fix_letsencrypt_renew_frequency.py b/bench/patches/v5/fix_letsencrypt_renew_frequency.py deleted file mode 100644 index 73806c54..00000000 --- a/bench/patches/v5/fix_letsencrypt_renew_frequency.py +++ /dev/null @@ -1,19 +0,0 @@ -from bench.config.common_site_config import get_config -from crontab import CronTab - - -def execute(bench_path): - """ - This patch fixes a cron job that would renew letsencrypt certificate - """ - - job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' - system_crontab = CronTab(user='root') - job_comment = "Renew lets-encrypt every month" - - for job in system_crontab.find_comment(job_comment): - system_crontab.remove(job) - job = system_crontab.new(command=job_command, comment=job_comment) - job.setall('0 0 */1 * *') # Run at 00:00 every day-of-month - system_crontab.write() - break From c9abac299a3b46f08b0b4406449bb82ed90a60a2 Mon Sep 17 00:00:00 2001 From: Gavin D'souza Date: Thu, 10 Sep 2020 10:53:51 +0530 Subject: [PATCH 7/7] fix: Updated command help and verbosity while setting crontab --- bench/commands/utils.py | 2 +- bench/config/lets_encrypt.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bench/commands/utils.py b/bench/commands/utils.py index 78899d19..5d9ac6d5 100644 --- a/bench/commands/utils.py +++ b/bench/commands/utils.py @@ -111,7 +111,7 @@ def download_translations(): download_translations_p() -@click.command('renew-lets-encrypt', help="Renew Let's Encrypt certificate") +@click.command('renew-lets-encrypt', help="Sets Up latest cron and Renew Let's Encrypt certificate") def renew_lets_encrypt(): from bench.config.lets_encrypt import renew_certs renew_certs() diff --git a/bench/config/lets_encrypt.py b/bench/config/lets_encrypt.py index 2615784d..32ca3380 100755 --- a/bench/config/lets_encrypt.py +++ b/bench/config/lets_encrypt.py @@ -88,6 +88,8 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True) def setup_crontab(): job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' job_comment = 'Renew lets-encrypt every month' + print("Setting Up cron job to {0}".format(job_comment)) + system_crontab = CronTab(user='root') for job in system_crontab.find_comment(comment=job_comment): # Removes older entries