Description of problem: After renewing a certificate, the /etc/acme-tiny/notify.sh script is not being run, so one cannot restart or reload services that depend on the cert. Version-Release number of selected component (if applicable): 4.1.0-1 How reproducible: Always Steps to Reproduce: 1. Use acme-tiny to obtain a certificate 2. Install a custom script in /etc/acme-tiny/notify.d/ 3. Renew the certificate using the /usr/libexec/acme-tiny/sign script Actual results: The certificate is renewed, but the custom hook script is not called. Expected results: The custom hook script in /etc/acme-tiny/notify.d/ should be run. Additional info:
Any news from the maintainer?
It works for me. :-( But that is on EPEL7, Fedora, where e.g. F33 is on acme-tiny-4.1.0-7. In 4.1.0-1 you need to set up incrond per the README. In later releases, I added the acme-tiny-notify service which is triggered by the acme-tiny service. I didn't bother with EL8 since it is EOL in a few months. I'll make a new release anyway I guess. Meanwhile, here is the acme-tiny-notify.service and change to acme-tiny.service to trigger it: [stuart@melissa acme-tiny]$ cat acme-tiny-notify.service [Unit] Description=Notify services of updates to acme certs [Service] Type=oneshot Nice=19 SyslogIdentifier=acme-tiny ExecStart=/usr/libexec/acme-tiny/notify --scan [stuart@melissa acme-tiny]$ cat acme-tiny.service [Unit] Description=Check for acme certs about to expire Wants=acme-tiny-notify.service Before=acme-tiny-notify.service [Service] Type=oneshot Nice=19 ProtectHome=true ProtectSystem=true User=acme Group=acme SyslogIdentifier=acme-tiny ExecStart=/usr/libexec/acme-tiny/sign 7 [Install] Also=acme-tiny.timer
Hi Stuart. Thanks for the detailed information. If you can make a new release for EPEL8, that would be super! I'm a bit confused by your comment about EL8 being EOL. I thought EPEL would continue to work with RHEL8 and its clones such as Oracle Linux and Rocky Linux.
FEDORA-EPEL-2021-aa9e9819ec has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-aa9e9819ec
FEDORA-EPEL-2021-aa9e9819ec has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-aa9e9819ec See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
> I thought EPEL would continue to work with RHEL8 and its clones such as Oracle Linux and Rocky Linux. I'm unclear on whether there will be new EPELs for stream and Rocky - or whether epel8 will be compatible with both. Feel free to enlighten me.
Hi Stuart, I just checked the EPEL docs here: https://docs.fedoraproject.org/en-US/epel/#what_is_extra_packages_for_enterprise_linux_or_epel It looks to me like EPEL 8 should, and will, continue as normal for users of RHEL 8 and the clones (Oracle Linux, Rocky Linux, Almalinux, etc). There's now an EPEL Next repo, to allow building packages for CentOS Stream. I don't know how you feel about Stream, but I would appreciate it if you would continue to support EPEL 8, so that users of Rocky and Oracle Linux (like myself), can continue to benefit from updates.
FEDORA-EPEL-2021-aa9e9819ec has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.