User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0 Build Identifier: After installing certbot this is what is found: [bdm@peterson certbot]$ cat /etc/logrotate.d/certbot # Automated renewal of certificates The Fedora certbot package includes an optional systemd timer to handle renewals. This timer is set to run daily, with a random fudge factor of a 6 hours applied. To enable the timer based renewals: ``` systemctl enable --now certbot-renew.timer ``` The timer makes use of /etc/sysconfig/certbot to customise the behaviour. Unless there is a plugin that automates restarts (eg the apache plugin) it is important to configure a command to restart anything that uses the certificates This causes the logrotate.service to fail complaining about syntax errors. Reproducible: Always Steps to Reproduce: 1. Install certbot 2. Restart logrotate.service 3. logrotate service fails to start Actual Results: As above Expected Results: Sweetness and light and rotating logs There are some logrotate.d entries for certbot in the bug at rhbz#2102070 but there is no indication that a working configuration is in the comments. Various comments suggest that certbot should do this itself but there was no resolution in the bug and this seems to date from F35 and F36 which are approaching EOL or have reached it.
The reason for this, is line 254 in the spec file: install -Dm 0644 --preserve-timestamps %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/certbot The sources are the following: Source14: certbot-README.fedora Source15: certbot.logrotate Until this is fixed just paste this into %{_sysconfdir}/logrotate.d/certbot: /var/log/letsencrypt/*.log { rotate 12 weekly compress missingok notifempty }
Oh yes, I see, a 1 digit typo. Thanks for pointing that out, I hadn't installed the src rpm to check.
*** Bug 2188930 has been marked as a duplicate of this bug. ***
*** Bug 2189206 has been marked as a duplicate of this bug. ***
here's a pr: https://src.fedoraproject.org/rpms/certbot/pull-request/10 this is my first attempt at a contribution so i hope i've done it correctly.
Confirming here. I was hit by this bug. The workaround until upgrade is to remove /etc/logrotate.d/certbot.
FEDORA-2023-1eee504747 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1eee504747
FEDORA-EPEL-2023-355404d2b1 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-355404d2b1
FEDORA-2023-9b2f8e3e49 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-9b2f8e3e49
FEDORA-2023-98f6be7e17 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-98f6be7e17
FEDORA-2023-1eee504747 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
Please check the update in https://bodhi.fedoraproject.org/updates/?search=certbot-2.5.0-3, test the packages, and provide karma as applicable so we can get this fix to stable repos faster.
FEDORA-2023-9b2f8e3e49 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2023-355404d2b1 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.