certbot creating a new certificate every day - lets-encrypt

I have a script that auto renews a Let's Encrypt certificate when it becomes available. We run this script every day at 17:00.
#!/bin/sh
/usr/bin/certbot --cert-name sitename.com --text --agree-tos certonly -a webroot --keep-until-expiring --webroot-path /var/www/path/public -d sitename.com -d www.sitename.com
Recently I've seen that a new certificate is getting generated with a new directory every day with a 00XX suffix.
There has been no change to this file since it was created (19th August).
So /etc/letsencrypt/archive looks like this:
drwxr-xr-x. 2 root root 4096 Nov 11 09:45 sitename.com
drwxr-xr-x. 2 root root 4096 Aug 19 16:39 sitename.com-0001
drwxr-xr-x. 2 root root 4096 Aug 19 16:43 sitename.com-0002
drwxr-xr-x. 2 root root 4096 Oct 16 17:00 sitename.com-0003
drwxr-xr-x. 2 root root 4096 Oct 17 17:00 sitename.com-0004
drwxr-xr-x. 2 root root 4096 Oct 18 17:00 sitename.com-0005
drwxr-xr-x. 2 root root 4096 Oct 19 17:00 sitename.com-0006
drwxr-xr-x. 2 root root 4096 Oct 20 17:00 sitename.com-0007
drwxr-xr-x. 2 root root 4096 Oct 23 17:00 sitename.com-0008
drwxr-xr-x. 2 root root 4096 Oct 24 17:00 sitename.com-0009
drwxr-xr-x. 2 root root 4096 Oct 25 17:01 sitename.com-0010
drwxr-xr-x. 2 root root 4096 Oct 26 17:00 sitename.com-0011
drwxr-xr-x. 2 root root 4096 Oct 27 17:00 sitename.com-0012
drwxr-xr-x. 2 root root 4096 Oct 30 17:00 sitename.com-0013
drwxr-xr-x. 2 root root 4096 Oct 31 17:00 sitename.com-0014
drwxr-xr-x. 2 root root 4096 Nov 1 17:00 sitename.com-0015
drwxr-xr-x. 2 root root 4096 Nov 2 17:00 sitename.com-0016
drwxr-xr-x. 2 root root 4096 Nov 3 17:00 sitename.com-0017
drwxr-xr-x. 2 root root 4096 Nov 6 17:00 sitename.com-0018
drwxr-xr-x. 2 root root 4096 Nov 7 17:00 sitename.com-0019
drwxr-xr-x. 2 root root 4096 Nov 8 17:00 sitename.com-0020
drwxr-xr-x. 2 root root 4096 Nov 9 17:01 sitename.com-0021
drwxr-xr-x. 2 root root 4096 Nov 10 17:00 sitename.com-0022
I believe that -0001 and -0002 were created because of a misconfiguration when the certificate was first generated.
But can anybody help explain why a certificate and directory has been created each day since October 16th?

I managed to figure out the problem.
After running
/usr/bin/certbot certificates
There was an error:
Renewal configuration file /etc/letsencrypt/renewal/sitename.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
And it appears that there is a conf file for each of the -00XX directories.
Upon looking at /etc/letsencrypt/renewal/sitename.com.conf I found that the file was empty.
So I took the latest -00XX conf file and removed the 00XX suffix from the text lines.
The conf file should appear like this:
# renew_before_expiry = 30 days
version = 1.0.0
archive_dir = /etc/letsencrypt/archive/sitename.com
cert = /etc/letsencrypt/live/sitename.com/cert.pem
privkey = /etc/letsencrypt/live/sitename.com/privkey.pem
chain = /etc/letsencrypt/live/sitename.com/chain.pem
fullchain = /etc/letsencrypt/live/sitename.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
account = XXXXXXXXXXXXXXXXXXXXXXX
webroot_path = /var/www/path/public,
server = https://acme-v02.api.letsencrypt.org/directory
But this will still create a new directory and certificate for each day.
You will need to prepend this to your conf file; include a line for each domain associated with your certificate.
[[webroot_map]]
sitename.com = /var/www/path/public
www.sitename.com = /var/www/path/public
And that should prevent certificates being generated every day.
I believe that the problem is a result of removing domains from a certificate and manually renewing.
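The check below is an added example, not part of the original answer or of certbot: it scans a renewal directory for the three conditions described in this thread (an empty conf file, a missing cert/privkey/chain/fullchain reference, and a webroot lineage without a [[webroot_map]] section) and flags -NNNN lineages that sit next to their base name. The function names, finding labels and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit certbot renewal configs for the failure in this thread.
# Paths and sample files below are constructed for illustration.

# Print one finding per line for every *.conf in the given renewal directory.
audit_renewal_dir() {
    rdir=$1
    for conf in "$rdir"/*.conf; do
        [ -e "$conf" ] || continue
        name=$(basename "$conf" .conf)
        # An empty file is what produced "missing a required file reference".
        if [ ! -s "$conf" ]; then
            echo "EMPTY $name"
            continue
        fi
        for key in cert privkey chain fullchain; do
            if ! grep -Eq "^$key[[:space:]]*=[[:space:]]*[^[:space:]]" "$conf"; then
                echo "MISSING_REF $name $key"
            fi
        done
        # Webroot lineages without a [[webroot_map]] section (see the answer).
        if grep -Eq '^authenticator[[:space:]]*=[[:space:]]*webroot' "$conf" &&
           ! grep -Fq '[[webroot_map]]' "$conf"; then
            echo "NO_WEBROOT_MAP $name"
        fi
        # A -NNNN lineage next to its base name means certbot started over.
        case $name in
            *-[0-9][0-9][0-9][0-9])
                base=${name%-[0-9][0-9][0-9][0-9]}
                if [ -e "$rdir/$base.conf" ]; then
                    echo "DUPLICATE $name (base $base)"
                fi ;;
        esac
    done
    return 0
}

# Build a constructed renewal directory that mirrors the state in the post.
make_sample() {
    s=$(mktemp -d)
    : > "$s/sitename.com.conf"
    for n in sitename.com-0022 healthy.example; do
        {
            for key in cert privkey chain fullchain; do
                echo "$key = /etc/letsencrypt/live/$n/$key.pem"
            done
            echo "[renewalparams]"
            echo "authenticator = webroot"
        } > "$s/$n.conf"
    done
    printf '[[webroot_map]]\nhealthy.example = /var/www/path/public\n' \
        >> "$s/healthy.example.conf"
    echo "$s"
}

sample=$(make_sample)
audit_renewal_dir "$sample"
rm -rf "$sample"
```

On a real host the same function can be pointed at /etc/letsencrypt/renewal from the daily job, so a broken conf file is reported before another lineage is issued.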

Related

Retiring the once only volume, holding important looking files

/volume1 was once my only volume, and it has been joined by /volume2 in preparation for retiring /volume1.
Having relocated all my content I can see lots of files I cannot explain. Unusually they are all prefixed with @, e.g.
/volume1$ ls -als
total 430144
0 drwxr-xr-x 1 root root 344 May 2 16:19 .
4 drwxr-xr-x 24 root root 4096 May 2 16:18 ..
0 drwxr-xr-x 1 root root 156 Jun 29 15:57 @appstore
0 drwx------ 1 root root 0 Apr 11 04:03 @autoupdate
0 drwxr-xr-x 1 root root 14 May 2 16:19 @clamav
332 -rw------- 1 root root 339245 Jan 23 13:50 @cnid_dbd.core.gz
0 drwxr-xr-x 1 admin users 76 Aug 19 2020 @database
0 drwx--x--x 1 root root 174 Jun 29 15:57 @docker
0 drwxrwxrwx+ 1 root root 24 Jan 23 15:27 @eaDir
420400 -rw------- 1 root root 430485906 Jan 4 05:06 @G1.core.gz
0 drwxrwxrwx 1 root root 12 Jan 21 13:47 @img_bkp_cache
0 drwxr-xr-x 1 root root 14 Dec 29 18:45 @maillog
0 drwxr-xr-x 1 root root 60 Dec 29 18:39 @MailScanner
0 drwxrwxr-x 1 root root 106 Oct 7 2018 @optware
7336 -rw------- 1 root root 7510134 Jan 24 01:33 @Plex.core.gz
0 drwxr-xr-x 1 postfix root 166 Oct 12 2020 @postfix
2072 -rw------- 1 root root 2118881 Jan 17 03:47 @rsync.core.gz
0 drwxr-xr-x 1 root root 88 May 2 16:19 @S2S
0 drwxr-xr-x 1 root root 0 Jan 23 13:50 @sharesnap
0 drwxrwxrwt 1 root root 48 Jun 29 15:57 @tmp
I have two questions
what does the @ prefix signify, and
how can I move/remove them, given that something's going to miss these files.
From experimentation it seems the answers are:
Nothing - they're a convention used by the Synology packaging system, it appears.
With one exception I didn't need to consider the consequences of removing the file system on which these stood. The @appstore directory clearly holds the installed Synology packages, and after pulling /volume1 they showed in the Package Center as "needing repair". Once they were repaired, the same @ prefixed directories appeared in the new volume - and the configuration was retained - so it appears these directories hold only the immutable software components.
The exception: I use ipkg mostly for fetchmail. I took a listing of the installed packages as well as the fetchmailrc, and then reinstalled the same packages once "Easy Bootstrap Installer" was ready for use (repair didn't work on this, but uninstall and reinstall worked fine).

Developing inside docker on WSL2-Ubuntu from vscode

I am trying to run docker inside WSL (am running Ubuntu in WSL). Also, I am new to docker. The doc says:
To get the best out of the file system performance when bind-mounting files:
Store source code and other data that is bind-mounted into Linux containers (i.e., with docker run -v <host-path>:<container-path>) in the Linux filesystem, rather than the Windows filesystem.
Linux containers only receive file change events (“inotify events”) if the original files are stored in the Linux filesystem.
Performance is much higher when files are bind-mounted from the Linux filesystem, rather than remoted from the Windows host. Therefore avoid docker run -v /mnt/c/users:/users (where /mnt/c is mounted from Windows).
Instead, from a Linux shell use a command like docker run -v ~/my-project:/sources <my-image> where ~ is expanded by the Linux shell to $HOME.
I also came across following:
Run sudo docker run -v "$HOME:/host" --name "[name_work]" -it docker.repo/[name]. With, [$HOME:/host], you can access your home directory in /host dir in docker image. This allows you to access your files on the local machine inside the docker. So you can edit your source code in your local machine using your favourite editor and run them directly inside the docker. Make sure that you have done this correct. Otherwise, you may need to copy files from the local machine to docker, for each edit (a painful job).
I am not able to understand the format of parameter passed to -v option and what it does. I am thinking that it will allow to access Ubuntu directories inside docker. So $HOME:/host will map Ubuntu's home directory to /host inside.
Q1. But what is /host?
Q2. Can I do what is stated by the above two quotes together? I mean, is what they are saying compatible? I guess yes. All it's saying is I should not mount from a Windows directory like /mnt/<driveletter>/.... If I am mounting a Linux directory like $USER/... then it will give better performance, right?
I tried out running it to understand it:
~$ docker run -v "$HOME:/host" --name "mydokr" -it docker.repo.in/dokrimg
root@f814974a1cfb:/home# ls
root@f814974a1cfb:/home# ll
total 8
drwxr-xr-x 2 root root 4096 Apr 15 11:09 ./
drwxr-xr-x 1 root root 4096 Sep 22 07:16 ../
root@f814974a1cfb:/home# pwd
/home
root@f814974a1cfb:/home# cd ..
root@f814974a1cfb:/# ll
total 64
drwxr-xr-x 1 root root 4096 Sep 22 07:16 ./
drwxr-xr-x 1 root root 4096 Sep 22 07:16 ../
-rwxr-xr-x 1 root root 0 Sep 22 07:16 .dockerenv*
lrwxrwxrwx 1 root root 7 Jul 3 01:56 bin -> usr/bin/
drwxr-xr-x 2 root root 4096 Apr 15 11:09 boot/
drwxr-xr-x 5 root root 360 Sep 22 07:16 dev/
drwxr-xr-x 1 root root 4096 Sep 22 07:16 etc/
drwxr-xr-x 2 root root 4096 Apr 15 11:09 home/
drwxr-xr-x 5 1000 1001 4096 Sep 22 04:52 host/
lrwxrwxrwx 1 root root 7 Jul 3 01:56 lib -> usr/lib/
lrwxrwxrwx 1 root root 9 Jul 3 01:56 lib32 -> usr/lib32/
lrwxrwxrwx 1 root root 9 Jul 3 01:56 lib64 -> usr/lib64/
lrwxrwxrwx 1 root root 10 Jul 3 01:56 libx32 -> usr/libx32/
drwxr-xr-x 2 root root 4096 Jul 3 01:57 media/
drwxr-xr-x 2 root root 4096 Jul 3 01:57 mnt/
drwxr-xr-x 2 root root 4096 Jul 3 01:57 opt/
dr-xr-xr-x 182 root root 0 Sep 22 07:16 proc/
drwx------ 1 root root 4096 Aug 24 03:54 root/
drwxr-xr-x 1 root root 4096 Aug 11 10:24 run/
lrwxrwxrwx 1 root root 8 Jul 3 01:56 sbin -> usr/sbin/
drwxr-xr-x 2 root root 4096 Jul 3 01:57 srv/
dr-xr-xr-x 11 root root 0 Sep 22 03:32 sys/
-rw-r--r-- 1 root root 1610 Aug 24 03:56 test_logPath.log
drwxrwxrwt 1 root root 4096 Aug 24 03:57 tmp/
drwxr-xr-x 1 root root 4096 Aug 11 10:24 usr/
drwxr-xr-x 1 root root 4096 Jul 3 02:00 var/
root@f814974a1cfb:/home# cd ../host
root@f814974a1cfb:/host# ll
total 36
drwxr-xr-x 5 1000 1001 4096 Sep 22 04:52 ./
drwxr-xr-x 1 root root 4096 Sep 22 07:16 ../
-rw-r--r-- 1 1000 1001 220 Sep 22 03:38 .bash_logout
-rw-r--r-- 1 1000 1001 3771 Sep 22 03:38 .bashrc
drwxr-xr-x 3 1000 1001 4096 Sep 22 04:56 .docker/
drwxr-xr-x 2 1000 1001 4096 Sep 22 03:38 .landscape/
-rw-r--r-- 1 1000 1001 0 Sep 22 03:38 .motd_shown
-rw-r--r-- 1 1000 1001 921 Sep 22 04:52 .profile
-rw-r--r-- 1 1000 1001 0 Sep 22 03:44 .sudo_as_admin_successful
drwxr-xr-x 5 1000 1001 4096 Sep 22 04:52 .vscode-server/
-rw-r--r-- 1 1000 1001 183 Sep 22 04:52 .wget-hsts
So I am not getting what's happening here. I know docker has its own file system.
Q3. Is it that what I am finding at /home and /host is indeed the container's own file system?
Q4. Also, what happened to -v $HOME:/host here?
Q5. How can I do as stated by 2nd quote:
This allows you to access your files on the local machine inside the docker. So you can edit your source code in your local machine using your favourite editor and run them directly inside the docker.
Q6. How do I connect vscode to this container? From WSL-Ubuntu, I could just run code . to launch vscode. But the same does not seem to work here:
root@f814974a1cfb:/home# code .
bash: code: command not found
This link says:
A devcontainer.json file can be used to tell VS Code how to configure the development container, including the Dockerfile to use, ports to open, and extensions to install in the container. When VS Code finds a devcontainer.json in the workspace, it automatically builds (if necessary) the image, starts the container, and connects to it.
But I guess this talks about starting up and creating a new container from vscode, but not connecting to an already existing container. I am not able to find my dockercontainer.json. I downloaded this container image using docker pull.

What directories does Linux have that macOS doesn't?

I'm a Python programmer that is trying to make a system of sorts that creates save data for a game I'm making, and I want it to be in different places in something like Ubuntu than I do macOS. As I don't have a macOS, and it's impossible to just up and get an ISO to get a macOS VM, I can't look through the files and folders and see what it has (or doesn't) that Linux does or doesn't.
I've tried looking all over to the point of attempting to get a hold of an ISO to build a VM in VirtualBox, but haven't been successful at all.
What files or folders does macOS have that Linux does, or vice versa?
To complete the (excellent) answer from @Michael, here is the listing of the home and root directory after a fresh install on the latest stable release of MacOS System (10.14.2).
MacBook-Pro:~ max$ ls -al /
total 37
drwxr-xr-x 26 root wheel 832 Jan 6 19:00 .
drwxr-xr-x 26 root wheel 832 Jan 6 19:00 ..
-rw-rw-r-- 1 root admin 8196 Jan 13 07:11 .DS_Store
drwx------ 5 root admin 160 Jan 6 11:47 .Spotlight-V100
d-wx-wx-wt 2 root wheel 64 Jan 14 06:39 .Trashes
---------- 1 root admin 0 Aug 18 06:53 .file
drwx------ 11 root admin 352 Jan 14 06:39 .fseventsd
drwxr-xr-x 2 root wheel 64 Aug 18 06:53 .vol
drwxrwxr-x+ 39 root admin 1248 Nov 30 12:49 Applications
drwxr-xr-x+ 60 root wheel 1920 Nov 30 12:50 Library
drwxr-xr-x 2 root wheel 64 Aug 18 06:53 Network
drwxr-xr-x@ 5 root wheel 160 Nov 30 12:46 System
drwxr-xr-x 5 root admin 160 Jan 6 18:59 Users
drwxr-xr-x+ 4 root wheel 128 Jan 14 06:39 Volumes
drwxr-xr-x@ 37 root wheel 1184 Nov 30 12:55 bin
drwxrwxr-t 2 root admin 64 Aug 18 06:53 cores
dr-xr-xr-x 3 root wheel 4301 Jan 14 06:39 dev
lrwxr-xr-x@ 1 root wheel 11 Jan 6 18:49 etc -> private/etc
dr-xr-xr-x 2 root wheel 1 Jan 14 06:40 home
-rw-r--r-- 1 root wheel 313 Aug 18 10:03 installer.failurerequests
dr-xr-xr-x 2 root wheel 1 Jan 14 06:40 net
drwxr-xr-x 6 root wheel 192 Nov 30 12:50 private
drwxr-xr-x@ 64 root wheel 2048 Jan 6 18:49 sbin
lrwxr-xr-x@ 1 root wheel 11 Jan 6 18:49 tmp -> private/tmp
drwxr-xr-x@ 9 root wheel 288 Nov 30 12:38 usr
lrwxr-xr-x@ 1 root wheel 11 Jan 6 18:49 var -> private/var
And the home dir:
MacBook-Pro:~ max$ ls -al ~
total 16
drwxr-xr-x+ 15 max staff 480 Jan 14 06:43 .
drwxr-xr-x 5 root admin 160 Jan 6 18:59 ..
-r-------- 1 max staff 7 Jan 6 18:59 .CFUserTextEncoding
drwx------ 2 max staff 64 Jan 14 06:40 .Trash
-rw------- 1 max staff 0 Jan 13 07:11 .bash_history
drwx------ 10 max staff 320 Jan 14 06:40 .bash_sessions
-rw------- 1 max staff 908 Jan 14 06:43 .viminfo
drwx------+ 3 max staff 96 Jan 6 18:59 Desktop
drwx------+ 3 max staff 96 Jan 6 18:59 Documents
drwx------+ 3 max staff 96 Jan 6 18:59 Downloads
drwx------@ 51 max staff 1632 Jan 13 07:11 Library
drwx------+ 3 max staff 96 Jan 6 18:59 Movies
drwx------+ 3 max staff 96 Jan 6 18:59 Music
drwx------+ 3 max staff 96 Jan 6 18:59 Pictures
drwxr-xr-x+ 4 max staff 128 Jan 6 18:59 Public
Application settings on macOS are usually saved somewhere in ~/Library: Common places are ~/Library/Preferences/com.example.mycoolgame.plist for preferences (should be in plist format and "com.example.mycoolgame" should be a valid bundle ID that you own (you should own the domain)). The advantage/disadvantage of this path is that power users know about this directory and can edit the files there as they wish.
Then you have ~/Library/Caches for cached data. All cached data should be put somewhere under this directory. (Never use it for content that cannot be regenerated or redownloaded though.)
~/Library/ApplicationSupport/YourApplicationName/...: here you can basically do anything you like. It would be good if "YourApplicationName" would be globally unique in this case. So better make it long. Users usually don't see the filesystem contents of anything below "~/Library", so there is no need for short names.
Of course, you can also put your savegames in ~/Documents/MyCoolGame/savegames and tell the user that you save the games there.
A gotcha (maybe): I'm not sure if system APIs expand "~" properly. I think probably not: Calling fopen with a path that starts with "~" would most likely not do the right thing. The users directory is located at something like "/Users/max", so "~" expands to "/Users/max" in the command line if the username is "max".
I can't answer your original question "What directories does Linux have that macOS doesn't?" because I don't have a Linux box at hand at the moment, and I don't think that it would be helpful for your use case.
For global data, there is also the "/Library" hierarchy. But normal users don't have access to this place, so your game would need to ask for admin rights, which will make everything much more complicated, and this will feel user-unfriendly to macOS users. The macOS way is to have a self-contained application bundle and put all user-specific or temporary data into the appropriate place within the user's home folder.

How to remove the static message that appears when opening a Linux shell?

How to remove the following message:
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.
Every time I open a Terminal it appears. I upgraded from Ubuntu 14.04 LTS to 16.04 LTS and it seems that update made that.
I am using bash.
I googled that and found this command:
$ touch ~/.hushlogin
Execute the below command and close the terminal. The message will be removed from the terminal.
sudo apt-get update
At least my Ubuntu 14.04 machine will display (or run) all the scripts in the /etc/update-motd.d (motd => message of the day) directory.
ll /etc/update-motd.d/
total 40
drwxr-xr-x 2 root root 4096 Sep 27 2014 ./
drwxr-xr-x 109 root root 4096 Nov 30 10:27 ../
-rwxr-xr-x 1 root root 1220 Feb 20 2014 00-header*
-rwxr-xr-x 1 root root 1358 Feb 20 2014 10-help-text*
lrwxrwxrwx 1 root root 46 Sep 27 2014 50-landscape-sysinfo -> /usr/share/landscape/landscape-sysinfo.wrapper*
-rwxr-xr-x 1 root root 334 Sep 27 2014 51-cloudguest*
-rwxr-xr-x 1 root root 149 Aug 22 2011 90-updates-available*
-rwxr-xr-x 1 root root 299 Aug 21 2014 91-release-upgrade*
-rwxr-xr-x 1 root root 111 Mar 27 2014 97-overlayroot*
-rwxr-xr-x 1 root root 142 Aug 22 2011 98-fsck-at-reboot*
-rwxr-xr-x 1 root root 144 Aug 22 2011 98-reboot-required*
The script with the lowest number is gonna execute first: 00-header*

cannot access $LD_LIBRARY_PATH

Without exporting $LD_LIBRARY_PATH anew, and without doing anything with the variable in bashrc,
echo $LD_LIBRARY_PATH
returns
/usr/local/cuda/lib64
However,
$LD_LIBRARY_PATH
returns
-bash: /usr/local/cuda/lib64:: No such file or dictionary
Yet, the path does exist.
What could've gone wrong?
------EDIT-----
ls -ld /usr/local{,/cuda{,/*}}
returns
drwxr-xr-x 16 root root 4096 Apr 10 17:07 /usr/local
lrwxrwxrwx 1 root root 19 Sep 16 2015 /usr/local/cuda -> /usr/local/cuda-7.5
drwxr-xr-x 3 root root 4096 Sep 16 2015 /usr/local/cuda/bin
drwxr-xr-x 5 root root 4096 Sep 16 2015 /usr/local/cuda/doc
drwxr-xr-x 4 root root 4096 Sep 16 2015 /usr/local/cuda/extras
drwxr-xr-x 5 root root 4096 Sep 16 2015 /usr/local/cuda/include
drwxr-xr-x 5 root root 4096 Sep 16 2015 /usr/local/cuda/jre
drwxr-xr-x 2 root root 4096 Sep 16 2015 /usr/local/cuda/lib
drwxr-xr-x 3 root root 4096 Sep 16 2015 /usr/local/cuda/lib64
drwxr-xr-x 8 root root 4096 Sep 16 2015 /usr/local/cuda/libnsight
drwxr-xr-x 7 root root 4096 Sep 16 2015 /usr/local/cuda/libnvvp
drwxr-xr-x 7 root root 4096 Sep 16 2015 /usr/local/cuda/nvvm
drwxr-xr-x 2 root root 4096 Sep 16 2015 /usr/local/cuda/pkgconfig
drwxr-xr-x 11 root root 4096 Sep 16 2015 /usr/local/cuda/samples
drwxr-xr-x 3 root root 4096 Sep 16 2015 /usr/local/cuda/share
drwxr-xr-x 2 root root 4096 Sep 16 2015 /usr/local/cuda/src
drwxr-xr-x 2 root root 4096 Sep 16 2015 /usr/local/cuda/tools
-rw-r--r-- 1 root root 20 Sep 16 2015 /usr/local/cuda/version.txt
The problem was resolved by modifying the Makefile.config as follows:
/usr/local/cuda
to
/usr/local/cuda-7.5
