Yo Hal! On Thu, 02 Jan 2025 21:24:49 -0800 Hal Murray <halmur...@sonic.net> wrote:
> devel@ntpsec.org said: > > certbot certonly --agree-tos \ > > --standalone \ > > certbot help says: > certonly Obtain or renew a certificate, but do not > install it Des apache look in the right place? Yes. I use that script, or slight variations, a lot of places, works great. When I updated the key type, it also worked find on lists.ntpsec.org > > "We" could. :-) But it would quikcly get out of sync. > > I've added lists.ntpsec.org to the web servers that I keep an eye on. > 61 days to go > That seems strange. If we just noticed troubles and just got a new > cert, I'd expect it to be 89 or 90 days left. Sadly, no. Let's Encrypt is slowly cutting down the valid time. They now intend to cut the valid time, eventually, to 7 days! Best to check for time remaining, you can not reliably compute the expriation. > Is apache looking in > the right place? Yes. > Or do you have to copy it over to where apache can > get it? No. Run the script, done. > Was that server moved to a jail recently? Not touched by anyone in a long time. That changes have been by certbot. > Are you using > certbot's autorenew stuff or running that script by hand? ... I think Matt looked into auto renew. My experience is that autorenew is to be avaoid. It would have failed for this case due to the mandatory key type change. Autorenew can not halde certbot policay changes. > What other certs does ntpsec use? Mail server, the web site. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel