lock.autonlab.org daily insecurity output

Charlie Root auton.sysnotify at gmail.com
Sat Jul 23 01:31:18 EDT 2022 

Running security(8):

======
/etc/acme-client.conf diffs (-OLD  +NEW)
======
--- /var/backups/etc_acme-client.conf.current	Fri Oct 26 01:37:50 2018
+++ /etc/acme-client.conf	Fri Jul 22 15:44:51 2022
@@ -2,7 +2,7 @@
 # $OpenBSD: acme-client.conf,v 1.7 2018/04/13 08:24:38 ajacoutot Exp $
 #
 authority letsencrypt {
-	api url "https://acme-v01.api.letsencrypt.org/directory"
+	api url "https://acme-v02.api.letsencrypt.org/directory"
 	account key "/etc/acme/letsencrypt-privkey.pem"
 }
 
@@ -11,10 +11,9 @@
 	account key "/etc/acme/letsencrypt-staging-privkey.pem"
 }
 
-#domain example.com {
-#	alternative names { secure.example.com }
-#	domain key "/etc/ssl/private/example.com.key"
-#	domain certificate "/etc/ssl/example.com.crt"
-#	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
-#	sign with letsencrypt
-#}
+domain www2.autonlab.org {
+	domain key "/etc/ssl/private/www2.autonlab.org.key"
+	domain certificate "/etc/ssl/www2.autonlab.org.crt"
+	domain full chain certificate "/etc/ssl/www2.autonlab.org.fullchain.pem"
+	sign with letsencrypt
+}


======
/etc/httpd.conf diffs (-OLD  +NEW)
======
--- /dev/null	Sat Jul 23 01:31:15 2022
+++ /etc/httpd.conf	Fri Jul 22 15:47:25 2022
@@ -0,0 +1,27 @@
+# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $
+
+server "www2.autonlab.org" {
+	listen on * port 80
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+	location * {
+		block return 302 "https://$HTTP_HOST$REQUEST_URI"
+	}
+}
+
+server "www2.autonlab.org" {
+	listen on * tls port 443
+	tls {
+		certificate "/etc/ssl/www2.autonlab.org.fullchain.pem"
+		key "/etc/ssl/private/www2.autonlab.org.key"
+	}
+	location "/pub/*" {
+		directory auto index
+	}
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}


======
/var/cron/tabs/root diffs (-OLD  +NEW)
======
--- /var/backups/var_cron_tabs_root.current	Fri Jul  9 01:38:12 2021
+++ /var/cron/tabs/root	Fri Jul 22 16:08:20 2022
@@ -1,5 +1,5 @@
 # DO NOT EDIT THIS FILE - edit the master and reinstall.
-# (/tmp/crontab.6juMZe0zA6 installed on Thu Jul  8 20:10:21 2021)
+# (/tmp/crontab.jW4ODatzw0 installed on Fri Jul 22 16:08:20 2022)
 # (Cron version V5.0)
 #
 SHELL=/bin/sh
@@ -27,8 +27,13 @@
 55	2	*	*	*	/root/mtree.sh
 
 # Let's Encrypt certificates renewal
+# 1	1	*	*	*	/usr/sbin/rcctl stop nginx
+# 2	1	*	*	*	/usr/local/sbin/nginx -c /etc/nginx/nginx.conf.minimal
+# 3	1	*	*	*	/usr/local/bin/certbot renew
+# 5	1	*	*	*	/usr/bin/pkill nginx
+# 6	1	*	*	*	/usr/sbin/rcctl start nginx
 1	1	*	*	*	/usr/sbin/rcctl stop nginx
-2	1	*	*	*	/usr/local/sbin/nginx -c /etc/nginx/nginx.conf.minimal
-3	1	*	*	*	/usr/local/bin/certbot renew
-5	1	*	*	*	/usr/bin/pkill nginx
-6	1	*	*	*	/usr/sbin/rcctl start nginx
+2	1	*	*	*	/usr/sbin/httpd -f /etc/httpd.conf
+3	1	*	*	*	/usr/sbin/acme-client www2.autonlab.org
+4	1	*	*	*	/usr/bin/pkill httpd
+5	1	*	*	*	/usr/sbin/rcctl start nginx

More information about the Autonlab-sysinfo mailing list