mrorz
g0v.hackmd.io
cofacts
Month: 2019-05
- 2016-10 (24)
- 2016-11 (2)
- 2016-12 (25)
- 2017-01 (633)
- 2017-02 (871)
- 2017-03 (575)
- 2017-04 (383)
- 2017-05 (265)
- 2017-06 (288)
- 2017-07 (299)
- 2017-08 (260)
- 2017-09 (382)
- 2017-10 (298)
- 2017-11 (504)
- 2017-12 (293)
- 2018-01 (91)
- 2018-02 (170)
- 2018-03 (151)
- 2018-04 (81)
- 2018-05 (127)
- 2018-06 (93)
- 2018-07 (76)
- 2018-08 (194)
- 2018-09 (99)
- 2018-10 (208)
- 2018-11 (39)
- 2018-12 (34)
- 2019-01 (124)
- 2019-02 (43)
- 2019-03 (93)
- 2019-04 (59)
- 2019-05 (54)
2019-05-01
2019-05-02
書懷
網站憑證好像過期了,打開會錯誤
書懷
Screenshot_20190502-104259.png
mrorz
!!!! 感謝回報
mrorz
我們的 cronjob 永遠會出包囧
mrorz
我覺得很痛苦
ronnywang
我在想 g0v-domain 那邊要不要自動做個 daily 檢查 XD
ronnywang
針對所有 http://g0v.tw|g0v.tw domain
mrorz
g0v domain 可以加掛 cloudflare 讓他出 https 嗎 QAQ
ronnywang
可以啊,可是建議原始處還是要 https ,不然原始 server 到 cloudflare 之間還是有風險?
mrorz
我相信問題不在 monitoring 而是我能力不足
ronnywang
這種意外難免,我也常發生我的 cron 死掉 XD
ronnywang
說到這我還是順便檢查一下我手上的 https 好了
mrorz
其實好像不是 cron 死掉
ronnywang
另外下次 renew letsencrypt ssl 時,可以加入信箱資訊,letsencrypt 會在到期一週前左右如果還沒 renew 的話會 email 提醒
mrorz
```
2019-05-01 00:00:14,531:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 500 111
2019-05-01 00:00:14,533:DEBUG:acme.client:Received response:
HTTP 500
Server: nginx
Content-Type: application/problem+json
Content-Length: 111
Replay-Nonce: <Redacted>
Expires: Wed, 01 May 2019 00:00:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 May 2019 00:00:14 GMT
Connection: close
{
"type": "urn:acme:error:serverInternal",
"detail": "Failed to get registration by key",
"status": 500
}
```
2019-05-01 00:00:14,531:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 500 111
2019-05-01 00:00:14,533:DEBUG:acme.client:Received response:
HTTP 500
Server: nginx
Content-Type: application/problem+json
Content-Length: 111
Replay-Nonce: <Redacted>
Expires: Wed, 01 May 2019 00:00:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 01 May 2019 00:00:14 GMT
Connection: close
{
"type": "urn:acme:error:serverInternal",
"detail": "Failed to get registration by key",
"status": 500
}
```
mrorz
letsencrypt 是不是常常亂 500
mrorz
我看了一下 http://cofacts-api.g0v.tw|cofacts-api.g0v.tw 的 SSL 有成功更新到 2019-07
mrorz
但 http://cofacts.g0v.tw|cofacts.g0v.tw 的就 500
ronnywang
http://cofacts.g0v.tw|cofacts.g0v.tw 有做 load balancer 嗎?後面是一台還是多台主機?
mrorz
一台而已
ronnywang
多台主機會有相關認證東西在 A 主機,結果 letsencrypt 跑到 B 主機去問結果問不到東西失敗
mrorz
同一個指令,cron 會失敗,但我現在手動跑就好了
```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&1
```
```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&1
```
mrorz
2019/3/1 的時候是 cofacts-api 的 script 會 500 Failed to get registration by key
mrorz
昨天是 cofacts 會 500
mrorz
看來是真的不穩定⋯⋯
ronnywang
你是一個月跑一次嗎?
ronnywang
要不要改成每天都 renew 一次
ronnywang
除非衰到最後 30 天每次 renew 都骰到 500 ,不然只要有一天 renew 成功就沒事了
mrorz
我看看 rate limit
https://letsencrypt.org/docs/rate-limits/
https://letsencrypt.org/docs/rate-limits/
letsencrypt.org
Last updated: April 15, 2019 | See all Documentation Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so renewing a certificate almost never hits a rate limit, and so that large organizations can gradually increase the number of certificates they can issue without requiring intervention from Let’s Encrypt.
ronnywang
我現在 middle2 有 40 個 domain 都是每天都 renew 一次
mrorz
好像每天是 ok der
mrorz
我改成 dow 1 好了
每週一次
每週一次
mrorz
改好了
感謝感謝
感謝感謝
mrorz
這樣最後一月應該至少會 try 3 次
ronnywang
g0v domain 那邊我是滿想在 config 增加一個 “check_ssl”: true 的值,然後有隻 cron 每天檢查 ssl 是不是合法以及會不會七天內要到期了
mrorz
好呀 XD
ronnywang
這個需求感覺可以寫出來許願給有意願的新參者做 XD
mrorz
@darkbtf
```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&1
```
那個 `-m` 目前是填你的 email。如果改填 `<mailto:cofacts@googlegroups.com|cofacts@googlegroups.com>` 的話會壞掉嗎
```
docker run --rm -v /var/www/cofacts:/var/www/cofacts -v /etc/letsencrypt:/etc/letsencrypt -v /etc/ssl/certs:/etc/ssl/certs -v /var/log:/var/log certbot/certbot certonly --webroot -w /var/www/cofacts -d http://cofacts.g0v.tw|cofacts.g0v.tw -m <強者email> --agree-tos --non-interactive >> /var/log/cron.log 2>&1
```
那個 `-m` 目前是填你的 email。如果改填 `<mailto:cofacts@googlegroups.com|cofacts@googlegroups.com>` 的話會壞掉嗎
BenjiDude
@penguinjoints has joined the channel
2019-05-03
mrorz
@lucien 要 try 這個ㄇ
https://eng.uber.com/introducing-base-web/
https://eng.uber.com/introducing-base-web/
Uber Engineering Blog
Introducing Base Web, Uber’s New Design System for Building Websites in React
Base Web is a React component library which implements the Base design language to act as a device-agnostic foundation for easily creating web applications.
2019-05-04
Danny
有嘗試過這個 container 嗎?
jrcs/letsencrypt-nginx-proxy-companion
會自動產生 & 更新憑證
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
jrcs/letsencrypt-nginx-proxy-companion
會自動產生 & 更新憑證
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
hcchien
@hcchien407 has left the channel
2019-05-08
ggm
```
Channel ID : 1563196602
Channel name : Cofacts 真的假的 | 轉傳查證
Reason for error : request_timeout
Detail for error : Request timeout
Error count : 2
Time detected : 2019/05/06 21:04:21 - 2019/05/06 21:04:24
URL : Errors of the Channel
```
Channel ID : 1563196602
Channel name : Cofacts 真的假的 | 轉傳查證
Reason for error : request_timeout
Detail for error : Request timeout
Error count : 2
Time detected : 2019/05/06 21:04:21 - 2019/05/06 21:04:24
URL : Errors of the Channel
```
ggm
`BusinessConnect: Error detected - Cofacts 真的假的 | 轉傳查證`
2019-05-10
jasonch
@jasonchung626 has joined the channel
joseph2068
@joseph2068 has joined the channel
2019-05-12
bangyuwen
@bangyuwen has joined the channel
sunitshrestha
@sunitshrestha has joined the channel
2019-05-15