On 11/25/2016 12:45 PM, Christian Seiler wrote: > On 11/25/2016 10:34 AM, Thijs Kinkhorst wrote: >> On Thu, November 24, 2016 22:28, Harlan Lieberman-Berg wrote: >>> On November 24, 2016 11:59:46 AM EST, James Cloos <cl...@jhcloos.com> >>> wrote: >>>> The jessie and jessie-backports releases of certbot have not, in >>>> general, been usable. There have been usable windows, but it has not >>>> been continuous. >>> >>> Certbot has never been in jessie, so I imagine it wouldn't have been >>> usable. >>> >>> I'm also haven't gotten any tickets about it being unusable. Can you >>> please provide me a link to the tickets you filed when you found it >>> unusable? >> >> FWIW certbot from jessie-backports has been working fine for me in several >> contexts. > > Same here. The only problem I had is when the package was renamed > from letsencrypt to certbot; that wasn't handled properly the way > I expect something like this to be handled, I had to manually coax > APT to get it installed. (A simple upgrade or dist-upgrade would > have just removed a lot of packages. I don't remember the precise > details, sorry, and I was too busy with other things to properly > report this.) Other than that it just worked after setting it up > initially.
Actually, correction: there was one upgrade issue. Recently systemd timer support was added, so that on systemd systems certbot is now started via a systemd unit and not via cron. That in and by itself is not an issue (it works fine), but I had modified the cron job to pass --renew-hook and --post-hook to certbot. (As far as I can tell, there's no way of setting these in a configuration file.) The only reason I noticed that was that dpkg complained about incompatible configuration file changes (for the cron job) that I had to look at manually. I then proceeded to drop in a file /etc/systemd/system/certbot.service.d/hooks.conf with the contents [Service] ExecStart= ExecStart=/usr/bin/certbot -q renew --renew-hook ... --post-hook ... to make this equivalent to the modifications I had done in the cron jobs beforehand, because the cron job was now modified to only be run on systemd systems. I understand how systemd, cron, etc. work quite well, so this was not a big deal for me - but there was no NEWS entry in the Debian package that apt-listchanges would have picked up by default (most people, myself included, only list NEWS and not d/changelog for upgrades), and there was no debconf prompt or anything to help the user with respect to upgrades. Combine that with the fact that editing the cron job was the recommended way of setting the hooks from the tutorials I had read, this is really not something I enjoyed having to do on a stable system. Especially since this is quite unnecessary: doing this with systemd units on systems running systemd might be a bit nicer than using cron, but cron worked just fine on the very same system beforehand - so this is a change that didn't have any immediate benefit in my case, but just caused me some extra work. I get that backports have to track stretch, and that in the stretch package you might want to have the nicer variant in the first place, so I don't begrudge that this change was made, but at the very least I would have hoped for a NEWS entry for this change. Regards, Christian