Bug 2024621

Summary: certbot systemd timer is not made active
Product: [Fedora] Fedora Reporter: Chris Egeland <chris>
Component: certbotAssignee: Felix Schwarz <fschwarz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 35CC: anon.amish, certbot-sig, fschwarz, james.hogarth, luk.claes, nb, nick, rbu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: certbot-1.22.0-1.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-20 01:07:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Egeland 2021-11-18 14:10:30 UTC 
Description of problem: When installing certbot, certbot-renew.timer is not made active, despite being included in 90-defaults.preset. Without this timer enabled, certbot will not automatically run to renew certificates, causing an unexpected expiration. Per https://bugzilla.redhat.com/show_bug.cgi?id=1940211, this timer should be enabled by default when present.


Version-Release number of selected component (if applicable): certbot-1.20.0-1.fc35


How reproducible: Always


Steps to Reproduce:
1. Install Fedora 35
2. Ensure certbot-renew.timer is present in /usr/lib/systemd/system-preset/90-default.preset (grep certbot /usr/lib/systemd/system-preset/90-default.preset)
3. Install certbot (dnf install -y -q certbot)
4. Search for certbot-renew.timer in systemd timers (systemctl list-timers --all | grep certbot)

Actual results: certbot-renew.timer is not listed as an active timer


Expected results: certbot-renew.timer should be listed as an active timer


Additional info:

[root@fedora ~]# grep certbot /usr/lib/systemd/system-preset/90-default.preset 
enable certbot-renew.timer
[root@fedora ~]# dnf install -y -q certbot

Installed:
  certbot-1.20.0-1.fc35.noarch                python-josepy-doc-1.9.0-1.fc35.noarch          python3-acme-1.20.0-1.fc35.noarch         
  python3-certbot-1.20.0-1.fc35.noarch        python3-charset-normalizer-2.0.4-1.fc35.noarch python3-configargparse-1.4.1-2.fc35.noarch
  python3-configobj-5.0.6-25.fc35.noarch      python3-cryptography-3.4.7-5.fc35.x86_64       python3-idna-3.2-1.fc35.noarch            
  python3-josepy-1.9.0-1.fc35.noarch          python3-parsedatetime-2.6-4.fc35.noarch        python3-pyOpenSSL-21.0.0-1.fc35.noarch    
  python3-pyrfc3339-1.1-9.fc35.noarch         python3-pysocks-1.7.1-11.fc35.noarch           python3-pytz-2021.3-1.fc35.noarch         
  python3-requests-2.26.0-1.fc35.noarch       python3-requests-toolbelt-0.9.1-15.fc35.noarch python3-urllib3-1.26.6-2.fc35.noarch      
  python3-zope-component-4.3.0-18.fc35.noarch python3-zope-event-4.2.0-22.fc35.noarch        python3-zope-interface-5.4.0-3.fc35.x86_64

[root@fedora ~]# systemctl list-timers --all | grep certbot
[root@fedora ~]#
Comment 1 Felix Schwarz 2021-11-19 07:10:17 UTC 
Yes, I noticed that shortly after releasing 1.20 and fixed this in git: https://src.fedoraproject.org/rpms/certbot/c/92f4517312b68f1dc7397307b8899ef7d4be97e6?branch=rawhide

The change will go live once I get to packaging 1.21 (bug 2020069). That version requires a bit of extra time as I need to update Certbot's signing key and 1.21 itself does not bring any significant changes.
Comment 2 Fedora Update System 2021-12-11 21:02:12 UTC 
FEDORA-2021-ea4a97cd77 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea4a97cd77
Comment 3 Fedora Update System 2021-12-12 02:06:52 UTC 
FEDORA-2021-ea4a97cd77 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ea4a97cd77`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea4a97cd77

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2021-12-20 01:07:32 UTC 
FEDORA-2021-ea4a97cd77 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.