cofacts

Month: 2019-05

2019-05-01

2019-05-02

書懷 10:59:59
網站憑證好像過期了,打開會錯誤
書懷 11:00:30
Screenshot_20190502-104259.png
mrorz 11:28:27
!!!! 感謝回報
mrorz 11:28:37
我們的 cronjob 永遠會出包囧
mrorz 11:28:51
我覺得很痛苦
ronnywang 11:29:01
我在想 g0v-domain 那邊要不要自動做個 daily 檢查 XD
ronnywang 11:29:12
針對所有 http://g0v.tw|g0v.tw domain
mrorz 11:29:20
g0v domain 可以加掛 cloudflare 讓他出 https 嗎 QAQ
ronnywang 11:29:44
可以啊,可是建議原始處還是要 https ,不然原始 server 到 cloudflare 之間還是有風險?
mrorz 11:29:48
我相信問題不在 monitoring 而是我能力不足
ronnywang 11:30:40
這種意外難免,我也常發生我的 cron 死掉 XD
ronnywang 11:30:54
說到這我還是順便檢查一下我手上的 https 好了
mrorz 11:32:16
其實好像不是 cron 死掉
ronnywang 11:32:47
另外下次 renew letsencrypt ssl 時,可以加入信箱資訊,letsencrypt 會在到期一週前左右如果還沒 renew 的話會 email 提醒
mrorz 11:32:48
```
2019-05-01 00:00:14,531:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 500 111
2019-05-01 00:00:14,533:DEBUG:acme.client:Received response:
HTTP 500
Server: nginx
Content-Type: application/problem+json
Content-Length: 111
Replay-Nonce: <Redacted>
Expires: Wed, 01 May 2019 00:00:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 May 2019 00:00:14 GMT
Connection: close
{
"type": "urn:acme:error:serverInternal",
"detail": "Failed to get registration by key",
"status": 500
}
```
mrorz 11:33:07
letsencrypt 是不是常常亂 500
mrorz 11:33:27
我看了一下 http://cofacts-api.g0v.tw|cofacts-api.g0v.tw 的 SSL 有成功更新到 2019-07
ronnywang 11:34:16
http://cofacts.g0v.tw|cofacts.g0v.tw 有做 load balancer 嗎?後面是一台還是多台主機?
mrorz 11:34:26
一台而已
ronnywang 11:35:04
多台主機會有相關認證東西在 A 主機,結果 letsencrypt 跑到 B 主機去問結果問不到東西失敗
mrorz 11:36:18
同一個指令,cron 會失敗,但我現在手動跑就好了

```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&amp;1
```
mrorz 11:37:26
( https://cofacts.g0v.tw 現在好囉 )

cofacts.g0v.tw

Cofacts 真的假的 - 協作型事實查核系統

「Cofacts 真的假的」是一套連結網路訊息與事實查核的協作型系統。

mrorz 11:38:25
2019/3/1 的時候是 cofacts-api 的 script 會 500 Failed to get registration by key
mrorz 11:38:32
昨天是 cofacts 會 500
mrorz 11:38:36
看來是真的不穩定⋯⋯
ronnywang 11:40:46
你是一個月跑一次嗎?
ronnywang 11:40:52
要不要改成每天都 renew 一次
ronnywang 11:41:55
除非衰到最後 30 天每次 renew 都骰到 500 ,不然只要有一天 renew 成功就沒事了
mrorz 11:42:28
我看看 rate limit
https://letsencrypt.org/docs/rate-limits/

letsencrypt.org

Rate Limits

Last updated: April 15, 2019 | See all Documentation Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so renewing a certificate almost never hits a rate limit, and so that large organizations can gradually increase the number of certificates they can issue without requiring intervention from Let’s Encrypt.

ronnywang 11:43:08
我現在 middle2 有 40 個 domain 都是每天都 renew 一次
mrorz 11:43:31
好像每天是 ok der
mrorz 11:44:14
我改成 dow 1 好了
每週一次
mrorz 11:46:13
改好了
感謝感謝
mrorz 11:48:33
這樣最後一月應該至少會 try 3 次
ronnywang 11:48:34
g0v domain 那邊我是滿想在 config 增加一個 “check_ssl”: true 的值,然後有隻 cron 每天檢查 ssl 是不是合法以及會不會七天內要到期了
mrorz 11:48:45
好呀 XD
ronnywang 11:49:35
這個需求感覺可以寫出來許願給有意願的新參者做 XD
mrorz 11:52:13
@darkbtf
```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&amp;1
```

那個 `-m` 目前是填你的 email。如果改填 `<mailto:cofacts@googlegroups.com|cofacts@googlegroups.com>` 的話會壞掉嗎
BenjiDude 21:37:43
@penguinjoints has joined the channel

2019-05-03

mrorz 18:26:52
@lucien 要 try 這個ㄇ
https://eng.uber.com/introducing-base-web/

Uber Engineering Blog

Introducing Base Web, Uber’s New Design System for Building Websites in React

Base Web is a React component library which implements the Base design language to act as a device-agnostic foundation for easily creating web applications.

2019-05-04

Danny 00:12:55
有嘗試過這個 container 嗎?
jrcs/letsencrypt-nginx-proxy-companion
會自動產生 &amp; 更新憑證
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
hcchien 09:22:21
@hcchien407 has left the channel

2019-05-08

ggm 20:26:47
```
Channel ID : 1563196602
Channel name : Cofacts 真的假的 | 轉傳查證
Reason for error : request_timeout
Detail for error : Request timeout
Error count : 2
Time detected : 2019/05/06 21:04:21 - 2019/05/06 21:04:24
URL : Errors of the Channel
```
ggm 20:27:07
`BusinessConnect: Error detected - Cofacts 真的假的 | 轉傳查證`

2019-05-10

jasonch 14:09:10
@jasonchung626 has joined the channel
joseph2068 17:01:29
@joseph2068 has joined the channel

2019-05-12

bangyuwen 01:08:58
@bangyuwen has joined the channel
sunitshrestha 11:19:26
@sunitshrestha has joined the channel

2019-05-15