[Yeti DNS Discuss] A public Yeti DNS resolver (but with TLS)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Dec 29 18:11:03 UTC 2016
On Tue, Dec 27, 2016 at 07:53:49PM +0000,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
a message of 18 lines which said:
> it has a nice Let's Encrypt certificate. (I've set up a Nginx HTTP
> server at <https://dns-resolver.yeti.eu.org/>, ran "sudo certbot
> certonly --webroot -w /usr/share/nginx/html -d
> dns-resolver.yeti.eu.org"
Any certbot expert here? I configured cron to run "certbot renew" every
day:
13 4 * * * certbot renew
But certbot is very talkative. On the standard output:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/dns-resolver.yeti.eu.org.conf
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/dns-resolver.yeti.eu.org/fullchain.pem (skipped)
No renewals were attempted.
On the standard error (despite the fact there is no error!):
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
To me, it violates a very important Unix design principle "when you
have nothing to say, shut up".
I do not find a way to make it "quiet" (output something only if there
is an error *or* if there is something to announce, such as an actual
renewal).
More information about the discuss
mailing list