Page MenuHomeDevCentral
Differential D3501

Allow nginx to read /.well-known/acme-challenge
ClosedPublic
Actions

Authored by dereckson on Oct 9 2024, 17:48.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 11:23
Unknown Object (File)
Tue, Nov 12, 07:53
Unknown Object (File)
Tue, Nov 12, 06:45
Unknown Object (File)
Tue, Nov 12, 06:17
Unknown Object (File)
Mon, Nov 11, 22:35
Unknown Object (File)
Fri, Nov 8, 22:08
Unknown Object (File)
Fri, Nov 8, 10:37
Unknown Object (File)
Fri, Nov 8, 07:40
View All 43 Files
Subscribers
DorianWinty

Details

Reviewers
ledesillusionniste
Maniphest Tasks
T2051: Can't renew TLS certificates verified through HTTP on docker engines
Commits
rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge
Summary

Certbot write files in /var/letsencrypt-auto/.well-known/acme-challenge
to allow Let's Encrypt server to verify the certificate request comes
from an authorized source.

Fixes T2051.

Test Plan

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
selinux-certbot-www
Build Status
Buildable 5567
Build 5849: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Oct 9 2024, 17:48
dereckson created this revision.
Harbormaster completed remote builds in B5567: Diff 9010.Oct 9 2024, 17:49
dereckson updated this revision to Diff 9011.Oct 9 2024, 17:59

+has_selinux

Harbormaster completed remote builds in B5568: Diff 9011.Oct 9 2024, 17:59
dereckson added a comment.Oct 9 2024, 18:04
Complector
$ salt docker-002 state.apply roles/core/certificates/letsencrypt
[…]
          ID: selinux_context_certbot_www
    Function: selinux.fcontext_policy_present
        Name: /var/letsencrypt-auto
      Result: True
     Comment:
     Started: 18:00:54.789434
    Duration: 1865.606 ms
     Changes:
              ----------
              new:
                  ----------
                  /var/letsencrypt-auto:
                      ----------
                      filetype:
                          all files
                      sel_type:
                          httpd_sys_content_t
              old:
                  ----------
----------
          ID: selinux_context_certbot_www_applied
    Function: selinux.fcontext_policy_applied
        Name: /var/letsencrypt-auto
      Result: True
     Comment: SElinux policies are already applied for filespec "/var/letsencrypt-auto"
     Started: 18:00:56.655250
    Duration: 7.813 ms
     Changes:
[…]

Summary for docker-002
-------------
Succeeded: 10 (changed=1)
Failed:     0
-------------
Total states run:     10
Total run time:    2.193 s
ledesillusionniste accepted this revision.Wed, Oct 23, 16:13
This revision is now accepted and ready to land.Wed, Oct 23, 16:13
Closed by commit rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge (authored by dereckson). · Explain WhyWed, Oct 23, 16:38
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.

Revision Contents
Changeset List

PathSize
roles/
core/
certificates/
11 lines

Diff 9010

View Options

roles/core/certificates/letsencrypt.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator