Debian 8 Jessie cron tab bug, Apache 2.4 configs parser bug, IDN names advice


#1

I have installed certbot on Debian 8 Jessie, Apache 2.4 30 May 2016.
It is a excellent projects, but have bugs.

  1. /etc/cron.d/certbot have created with a cron job line:
  • */12 * * * root perl -e ‘sleep int(rand(3600))’; certbot -q renew

It certainly have to be changed to
0 */12 * * * root perl -e ‘sleep int(rand(3600))’; certbot -q renew

to start one cron job per 12 hours, not a 60 jobs per 12 hours!!

  1. I have a user-related apache 2.4 config includes like
    /etc/apache2/sites-available/username
    which have some sites description. If I start
    certbot --apache
    than I see not all http sites in the dialog.

I have to move domain.ru and www.domain.ru configs from
/etc/apache2/sites-available/username
to a separate
/etc/apache2/sites-available/domain.ru
to my site domain.ru and www.domain.ru will be shown by
"certbot --apache" normally.
So this is a inconvenient to split such configs for certbot.
It will be good if you fix that in the new versions.

  1. It will be good idea for your project to support new
    international (punycode) domains. Waiting for new versions…

Thank you!


#2

Sorry for text bad autoformatted.
`I have installed certbot on Debian 8 Jessie, Apache 2.4 30 May 2016.
It is a excellent projects, but have bugs.

  1. /etc/cron.d/certbot have created with a cron job line:
  • */12 * * * root perl -e ‘sleep int(rand(3600))’; certbot -q renew

It certainly have to be changed to
0 */12 * * * root perl -e ‘sleep int(rand(3600))’; certbot -q renew

to start one cron job per 12 hours, not a 60 jobs per 12 hours!!

  1. I have a user-related apache 2.4 config includes like
    /etc/apache2/sites-available/username
    which have some sites description. If I start
    certbot --apache
    than I see not all http sites in the dialog.

I have to move domain.ru and www.domain.ru configs from
/etc/apache2/sites-available/username
to a separate
/etc/apache2/sites-available/domain.ru
to my site domain.ru and www.domain.ru will be shown by
"certbot --apache" normally.
So this is a inconvenient to split such configs for certbot.
It will be good if you fix that in the new versions.

  1. It will be good idea for your project to support new
    international (punycode) domains. Waiting for new versions. Thank you!`

#3

That is odd, my cronjob looks like this by default:

cat /etc/cron.d/certbot
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
0 */12 * * * root perl -e 'sleep int(rand(3600))'; certbot -q renew

Could you elaborate a bit on that? Is this about the fact that certbot currently doesn’t support files with multiple <VirtualHost> tags, or were you having some other issue (in which case the actual config would be useful)?

The <VirtualHost> limitation is a long-standing bug and something that comes up quite often, but it’s hard to get it right as there’s a gazillion of ways to structure apache config files. Hopefully it will get fixed in 1.0 as currently planned.

Yep, that’s currently planned for the end of august! Just an ETA at this point though, so no guarantee that it will be on time.


#4

Thank you for fast responce.

  1. Yes, I had multiply directives in one user-related files, like

<VirtualHost 194.177.20.83:80>
ServerAdmin support@rusroute.com
DocumentRoot /var/www/maa/data/html/rusroute.com
#
#SuexecUserGroup maa maa
#
#
AssignUserID maa maa
#
ServerName rusroute.com
ServerAlias www.rusroute.com
ErrorLog logs/maa/rusroute.com.error.log
CustomLog logs/maa/rusroute.com.access.log combined

ScriptAlias /cgi-bin/ /var/www/maa/data/html/rusroute.com/cgi-bin/

AddDefaultCharset utf-8

DirectoryIndex index.html index.htm index.cgi

DirectoryIndex index.html index.htm index.cgi index.php

<VirtualHost 194.177.20.83:80>
ServerAdmin support@maasoftware.ru
DocumentRoot /var/www/maa/data/html/download.maasoftware.ru
#
#SuexecUserGroup maa maa
#
#
AssignUserID maa maa
#
ServerName download.maasoftware.ru

ServerAlias www.download.maasoftware.ru

ErrorLog logs/maa/download.maasoftware.ru.error.log
CustomLog logs/maa/download.maasoftware.ru.access.log combined

ScriptAlias /cgi-bin/ /var/www/maa/data/html/download.maasoftware.ru/cgi-bin/

AddDefaultCharset utf-8
DirectoryIndex index.html index.htm index.cgi

and more other www sites…


#5
  1. http://maasoftware.ru/a/certbot.txt
  2. http://maasoftware.ru/a/maa.txt