committing changes in /etc made by "apt-get install certbot"

Packages with configuration changes:
+certbot 1.21.0-1build1 all

Package changes:
+certbot 1.21.0-1build1 all
+python3-acme 1.21.0-1ubuntu0.1 all
+python3-certbot 1.21.0-1build1 all
+python3-certifi 2020.6.20-1 all
+python3-cffi-backend 1.15.0-1build2 amd64
+python3-chardet 4.0.0-1 all
+python3-configargparse 1.5.3-1 all
+python3-configobj 5.0.6-5 all
+python3-cryptography 3.4.8-1ubuntu2.2 amd64
+python3-icu 2.8.1-0ubuntu2 amd64
+python3-josepy 1.10.0-1 all
+python3-openssl 21.0.0-1 all
+python3-parsedatetime 2.6-2 all
+python3-requests 2.25.1+dfsg-2ubuntu0.1 all
+python3-requests-toolbelt 0.9.1-1 all
+python3-rfc3339 1.1-3 all
+python3-six 1.16.0-3ubuntu1 all
+python3-tz 2022.1-1ubuntu0.22.04.1 all
+python3-urllib3 1.26.5-1~exp1ubuntu0.1 all
+python3-zope.component 4.3.0-3 all
+python3-zope.event 4.4-3 all
+python3-zope.hookable 5.1.0-1build1 amd64
+python3-zope.interface 5.4.0-1build1 amd64

diff --git a/.etckeeper b/.etckeeper
index 976896f141e9d0e52f53fc4429aaed25a990900f..9bd1f4cc12cb2c4e755fac7fe736c280381f6fa0 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -502,6 +502,7 @@ maybe chmod 0644 'console-setup/vtrgb.vga'
 maybe chmod 0755 'cron.d'
 maybe chmod 0644 'cron.d/.placeholder'
 maybe chmod 0644 'cron.d/backup'
+maybe chmod 0644 'cron.d/certbot'
 maybe chmod 0644 'cron.d/e2scrub_all'
 maybe chmod 0644 'cron.d/php'
 maybe chmod 0644 'cron.d/popularity-contest'
@@ -1180,6 +1181,8 @@ maybe chmod 0644 'ld.so.conf.d/x86_64-linux-gnu.conf'
 maybe chmod 0755 'ldap'
 maybe chmod 0644 'ldap/ldap.conf'
 maybe chmod 0644 'legal'
+maybe chmod 0755 'letsencrypt'
+maybe chmod 0644 'letsencrypt/cli.ini'
 maybe chmod 0644 'libaudit.conf'
 maybe chmod 0755 'libnl-3'
 maybe chmod 0644 'libnl-3/classid'
@@ -1212,6 +1215,7 @@ maybe chmod 0644 'logrotate.d/apt'
 maybe chmod 0644 'logrotate.d/aptitude'
 maybe chmod 0644 'logrotate.d/bootlog'
 maybe chmod 0644 'logrotate.d/btmp'
+maybe chmod 0644 'logrotate.d/certbot'
 maybe chmod 0644 'logrotate.d/dbconfig-common'
 maybe chmod 0644 'logrotate.d/dpkg'
 maybe chmod 0644 'logrotate.d/fail2ban'

diff --git a/cron.d/certbot b/cron.d/certbot
new file mode 100644 (file)
index 0000000..e38dbb9
--- /dev/null
+++ b/cron.d/certbot
@@ -0,0 +1,17 @@
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc.  Renewal will only occur if expiration
+# is within 30 days.
+#
+# Important Note!  This cronjob will NOT be executed if you are
+# running systemd as your init system.  If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob.  For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

diff --git a/letsencrypt/cli.ini b/letsencrypt/cli.ini
new file mode 100644 (file)
index 0000000..d69c7f2
--- /dev/null
+++ b/letsencrypt/cli.ini
@@ -0,0 +1,5 @@
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
+# Adjust interactive output regarding automated renewal
+preconfigured-renewal = True

diff --git a/logrotate.d/certbot b/logrotate.d/certbot
new file mode 100644 (file)
index 0000000..05caa95
--- /dev/null
+++ b/logrotate.d/certbot
@@ -0,0 +1,6 @@
+/var/log/letsencrypt/*.log {
+    rotate 12
+    weekly
+    compress
+    missingok
+}
\ No newline at end of file

diff --git a/systemd/system/timers.target.wants/certbot.timer b/systemd/system/timers.target.wants/certbot.timer
new file mode 120000 (symlink)
index 0000000..b8d4c22
--- /dev/null
+++ b/systemd/system/timers.target.wants/certbot.timer
@@ -0,0 +1 @@
+/lib/systemd/system/certbot.timer
\ No newline at end of file