From nobody Sat Apr 20 21:29:01 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VMPlw4Xlrz5JTpM for ; Sat, 20 Apr 2024 21:29:16 +0000 (UTC) (envelope-from paulbeard@gmail.com) Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VMPlv50hgz4Zrd for ; Sat, 20 Apr 2024 21:29:15 +0000 (UTC) (envelope-from paulbeard@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=AiY436O1; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of paulbeard@gmail.com designates 2a00:1450:4864:20::62b as permitted sender) smtp.mailfrom=paulbeard@gmail.com Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a557044f2ddso337896266b.2 for ; Sat, 20 Apr 2024 14:29:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713648552; x=1714253352; darn=freebsd.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=CluTT3K4F/vqY+fKeX98LNCGcxbTm59zeKvF0cTkPiE=; b=AiY436O1zPyeP1p/5Q8vugD0nD22LGJNHmOjEGZyAFYU1K3auUL1f+wrYU6MsZEXK+ snrKSvwh7LvuSMzPBHJsgLZQaEq0Bz/hI/+kUO4+KHfa8KcNC+oyq4eMThWYr9vB26PX cCW74jr2PvtNa+Xw59TMDSzWbzmEfPc7ez3ZnaxerWy1xpGF8hltyV9QRMh5bMcuxOlj mHsv7H/QnGt1VpvXfidlBGd+gnJ21ToAef2w7XFbj04iAFKZJNcJ3MoFdd1NwUaYDmoL BPp+B0WSr8wrpNPgQxWJV0ntnMSfQJdQdzfw0YoBPehlNzoIAJgj3iKTyM70H5U1bNdP 53fA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713648552; x=1714253352; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=CluTT3K4F/vqY+fKeX98LNCGcxbTm59zeKvF0cTkPiE=; b=mYuTBYW+HFQ7OZU1GxsQo5iQHk9DwhasGdmRAgQ79JWQrIcGhAUTYkPz6rZvAunh9I erOVccdxdYWwDpJVm9gfkBOFX/JjmfwlyGuPkQeqysAMIq6ywMkPW7zui7uXz1d+Pfos QFjFOXnkd41dJX2X9SqnEpWiitk2k0CL1Kzn5f1NZBRPCKyVJGW+p6LeURXnV1hEQHw9 sOezjx2vdos8zPjv1y2oZuhjKOUkXKbdySj7YFhknUgnJKrFQc5A2B9GRBQUOWFHTnjh jqvBupOR/6iJaZwvNnra3qlqU99qkZlKIT7BqDrbc/MdUEIIsF8E/XbVu9NH51w8oKs/ H+Pw== X-Gm-Message-State: AOJu0Yz2Z6/KRF12NEoJZtNj2orXaIRkwQOOotBJdAXKEbwNQn0veoOg KBjj1thwaYqo7dLOA1201dAz7msn57Lo71QG25SO6kZQ6EEsOTSxrytd1CPzZIZrzF9v2WjwEXY OQsujbde53V7APsaiap0iJrGqNrspTFld X-Google-Smtp-Source: AGHT+IEP4w87ZQpRP6Q4FRdcYXD4jB7RVNHM4YYTryxppJdl+qsZs0IolLxCk1maH8o2h9c2kYf3dK4RNm9UW9eBhMc= X-Received: by 2002:a17:906:7111:b0:a55:8675:e241 with SMTP id x17-20020a170906711100b00a558675e241mr3939634ejj.36.1713648552445; Sat, 20 Apr 2024 14:29:12 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 References: <20240420091633.00002f24@seibercom.net> <20240420153432.671268909CE2@ary.qy> In-Reply-To: <20240420153432.671268909CE2@ary.qy> From: paul beard Date: Sat, 20 Apr 2024 14:29:01 -0700 Message-ID: Subject: Re: certbot To: FreeBSD Questions List Content-Type: multipart/alternative; boundary="0000000000003d132c06168de5a5" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.94 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.94)[-0.935]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[questions@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62b:from] X-Rspamd-Queue-Id: 4VMPlv50hgz4Zrd --0000000000003d132c06168de5a5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The meta question for me and perhaps others running FreeBSD 13 is what changed and how do we prepare for it if we expect to run certbot in FreeBSD 14? I run it as I always have, since release 11 or so. 00 00 * * Sun python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot renew --renew-hook 'service nginx reload' Will I need to change that? Do the folks at EFF know/have they documented what changed and how to manage it? On Sat, Apr 20, 2024 at 8:35=E2=80=AFAM John Levine wrote: > It appears that Gerard E. Seibert questions@freebsd.org> said: > >If I run the command from the command line, it works as expected. I did > >place the following in the environment: CRYPTOGRAPHY_OPENSSL_NO_LEGACY= =3D1 > > >I still do not understand why this error only happens from CRON. > > Most likely because that variable is not there. Cron uses a standard > rather sparse environment. See "man 5 crontab". > > In this case rather than messing with the script, just set the > variable on the command line in the crontab, e.g. > > 0 1 * * * CRYPTOGRAPHY_OPENSSL_NO_LEGACY=3D1 certbot ... > > R's, > John > > > --=20 Paul Beard / www.paulbeard.org/ --0000000000003d132c06168de5a5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The meta question for me and perhaps=C2=A0others running F= reeBSD 13 is what changed and how do we prepare for it if we expect to run = certbot in FreeBSD 14? I run it as I always have, since release 11 or so.= =C2=A0

00 00 * * Sun =C2=A0 pyt= hon -c 'import random; import time; time.sleep(random.random() * 3600)&= #39; && /usr/local/bin/certbot renew --renew-hook 'service ngin= x reload'

Will I need to change that? Do the = folks at EFF know/have they documented what changed and how to manage=C2=A0= it?=C2=A0

On Sat, Apr 20, 2024 at 8:35=E2=80=AFAM John Levine &= lt;johnl@iecc.com> wrote:
It appears that Gerard E. Seibert <jerry@seibercom.net, questions@freebsd.org>= ; said:
>If I run the command from the command line, it works as expected. I did=
>place the following in the environment: CRYPTOGRAPHY_OPENSSL_NO_LEGACY= =3D1

>I still do not understand why this error only happens from CRON.

Most likely because that variable is not there. Cron uses a standard
rather sparse environment.=C2=A0 See "man 5 crontab".

In this case rather than messing with the script, just set the
variable on the command line in the crontab, e.g.

0 1 * * * CRYPTOGRAPHY_OPENSSL_NO_LEGACY=3D1 certbot ...

R's,
John




--
Pa= ul Beard / www.paul= beard.org/
--0000000000003d132c06168de5a5--