> I assume that the patch from 0.22.2-1ubuntu0.1 needs to be included.

Yes, I think this patch should be included. The packages in 18.04
included support Let's Encrypt's newer endpoint, however, this feature
is broken without this patch.

Thanks for catching this. The updated tests now test against the new API
as well.

The other questions here were largely answered in IRC, but to keep this
thread here up-to-date and maybe add a little more context...

> Why is certbot.timer's installation being removed?

I think removing this was a mistake. The current Ubuntu 16.04 package
does not configure automatic renewal, but I think it should be added as
it benefits users and keeps the package closer to the one found in
Bionic.

There's actually a lot of discussion about the addition of automatic
renewal earlier in this thread from a couple years ago.

> Has auto renewal been tested?

I suspect not. At the very least, I hadn't done so.

Previously my test script was almost exclusively running our upstream
tests on the installed packages and did not do much to test things
specifically found in the .deb packages.

For testing automatic renewal, however, the updates to the script I made
last week check:

1. certbot.timer exists and is enabled.
2. /etc/cron.d/certbot exists.

> Why remove the installation of the cli.ini that disables certbot-
internal log rotation?

I think we probably should keep this file unless there is a good reason
not to do so. Why make unnecessary modifications to the packages?

In the current Xenial packages, Certbot is using its own log rotation
provided by the Python standard library. Each run of Certbot creates a
new log file in /var/log/letsencrypt and up to 10 log files are created
after which old log files are deleted.

The cli.ini file in the Bionic package turns off this log rotation
causing Certbot to always append to the same file at
/var/log/letsencrypt/letsencrypt.log with the thinking that this will
better play with programs like logrotate.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640978

Title:
  [SRU] Backport letsencrypt from bionic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1640978/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to