Parallel __letsencrypt_cert inconsistent in finding existing cert #27
Reference: ungleich-public/cdist#27
My setup is using __letsencrypt_cert for several domains in my manifest; however, the actual working seems to be inconsistent:
Running
cdist config -v my.host.name
is running fine, it skips the already existing certs. However, if I try to speed up execution by using
cdist config -j2 -v my.host.name
half of my certs seem to be missed by the explorers, and __letsencrypt_cert calls certbot even for existing, completely valid certificates (forcing it to reissue certificates), which in turn causes me to hit the rate limit.
mentioned in commit a696f3cf00
mentioned in commit 81b426e4e2
mentioned in merge request !976
mentioned in commit 9ba9dceb1a709f47c059d2e21d1e4e5b1b81d00f
EDIT: missed that the report for #848 already uses this issue as an example of that behaviour being problematic.
Looking at __letsencrypt_cert/explorer/certificate-exists I'm wondering if certbot has issues with locking or something similar and this could have something to do with #848, will try to create a test to reproduce it.
@fancsali __letsencrypt_cert is marked as nonparallel. Can you give more info?
Can you paste your manifest and debug log output?