Bug 2024621 - certbot systemd timer is not made active
Summary: certbot systemd timer is not made active
Alias: None
Product: Fedora
Classification: Fedora
Component: certbot
Version: 35
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Felix Schwarz
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2021-11-18 14:10 UTC by Chris Egeland
Modified: 2021-12-20 01:07 UTC (History)
8 users (show)

Fixed In Version: certbot-1.22.0-1.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-12-20 01:07:32 UTC
Type: Bug

Attachments (Terms of Use)

Description Chris Egeland 2021-11-18 14:10:30 UTC
Description of problem: When installing certbot, certbot-renew.timer is not made active, despite being included in 90-defaults.preset. Without this timer enabled, certbot will not automatically run to renew certificates, causing an unexpected expiration. Per https://bugzilla.redhat.com/show_bug.cgi?id=1940211, this timer should be enabled by default when present.

Version-Release number of selected component (if applicable): certbot-1.20.0-1.fc35

How reproducible: Always

Steps to Reproduce:
1. Install Fedora 35
2. Ensure certbot-renew.timer is present in /usr/lib/systemd/system-preset/90-default.preset (grep certbot /usr/lib/systemd/system-preset/90-default.preset)
3. Install certbot (dnf install -y -q certbot)
4. Search for certbot-renew.timer in systemd timers (systemctl list-timers --all | grep certbot)

Actual results: certbot-renew.timer is not listed as an active timer

Expected results: certbot-renew.timer should be listed as an active timer

Additional info:

[root@fedora ~]# grep certbot /usr/lib/systemd/system-preset/90-default.preset 
enable certbot-renew.timer
[root@fedora ~]# dnf install -y -q certbot

  certbot-1.20.0-1.fc35.noarch                python-josepy-doc-1.9.0-1.fc35.noarch          python3-acme-1.20.0-1.fc35.noarch         
  python3-certbot-1.20.0-1.fc35.noarch        python3-charset-normalizer-2.0.4-1.fc35.noarch python3-configargparse-1.4.1-2.fc35.noarch
  python3-configobj-5.0.6-25.fc35.noarch      python3-cryptography-3.4.7-5.fc35.x86_64       python3-idna-3.2-1.fc35.noarch            
  python3-josepy-1.9.0-1.fc35.noarch          python3-parsedatetime-2.6-4.fc35.noarch        python3-pyOpenSSL-21.0.0-1.fc35.noarch    
  python3-pyrfc3339-1.1-9.fc35.noarch         python3-pysocks-1.7.1-11.fc35.noarch           python3-pytz-2021.3-1.fc35.noarch         
  python3-requests-2.26.0-1.fc35.noarch       python3-requests-toolbelt-0.9.1-15.fc35.noarch python3-urllib3-1.26.6-2.fc35.noarch      
  python3-zope-component-4.3.0-18.fc35.noarch python3-zope-event-4.2.0-22.fc35.noarch        python3-zope-interface-5.4.0-3.fc35.x86_64

[root@fedora ~]# systemctl list-timers --all | grep certbot
[root@fedora ~]#

Comment 1 Felix Schwarz 2021-11-19 07:10:17 UTC
Yes, I noticed that shortly after releasing 1.20 and fixed this in git: https://src.fedoraproject.org/rpms/certbot/c/92f4517312b68f1dc7397307b8899ef7d4be97e6?branch=rawhide

The change will go live once I get to packaging 1.21 (bug 2020069). That version requires a bit of extra time as I need to update Certbot's signing key and 1.21 itself does not bring any significant changes.

Comment 2 Fedora Update System 2021-12-11 21:02:12 UTC
FEDORA-2021-ea4a97cd77 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea4a97cd77

Comment 3 Fedora Update System 2021-12-12 02:06:52 UTC
FEDORA-2021-ea4a97cd77 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ea4a97cd77`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea4a97cd77

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2021-12-20 01:07:32 UTC
FEDORA-2021-ea4a97cd77 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.