2021-07-29T03:27:09  <a-865k> browser statusbar is back to perpetually reporting "connecting to beans.opensuse.org" regardless of which current forum page is loaded
2021-07-29T10:44:24  <cboltz_> a-865k: fixed once more, thanks for the report
2021-07-29T10:44:55  <cboltz_> it looks like someone has tried to implement a more permanent solution, but it didn't work
2021-07-29T11:51:29  <kl_eisbaer> ?? I updated matomo today to 4.4.0 - what exactly did you fix, cboltz_ ?
2021-07-29T11:51:52  <cboltz_> the ssl certificate
2021-07-29T11:52:13  <cboltz_> dehydrated wasn't able to copy it to /etc/apache2/ssl.key because the directory permissions didn't allow it
2021-07-29T11:52:30  <cboltz_> (I guess there was an apache update in the last two months that had reset the permissions)
2021-07-29T11:52:38  <kl_eisbaer> hm
2021-07-29T11:52:52  <kl_eisbaer> permanent solution would be to create a directory outside RPM control
2021-07-29T11:53:04  <kl_eisbaer> I was thinking about a problem with matomo itself ....
2021-07-29T11:53:31  <cboltz_> no, it was the "good old" problem we see every two months ;-)
2021-07-29T11:53:32  <kl_eisbaer> let's have a look - IMHO we do this on multiple other servers already
2021-07-29T11:54:24  <kl_eisbaer> at least the hook.sh looks not like our standard one (I'm normally too lazy to copy each file individually ;-)
2021-07-29T11:54:45  <kl_eisbaer> lol
2021-07-29T11:54:54  <cboltz_> BTW: sudo greeted me with complaints about an invalid rule - looks like someone (you?) added a rule to chmod /etc/apache2/ssl.key
2021-07-29T11:55:17  <kl_eisbaer> calling 'cp' without anything else - but two lines below calling sudo to chown the permissions ;-)
2021-07-29T11:55:22  <cboltz_> for now, I created a cronjob to do the chmod every day ;-)
2021-07-29T11:55:43  <kl_eisbaer> Why not calling "cp" with sudo as well and be'ng done with it?
2021-07-29T11:56:19  <cboltz_> nothing wrong with that, and it's probably the better solution
2021-07-29T11:56:43  <cboltz_> I "just" chose the solution that needed the least changes
2021-07-29T11:57:04  <kl_eisbaer> hehe: you learned from the best ;-)
2021-07-29T11:57:20  <cboltz_> ;-)
2021-07-29T11:57:53  <cboltz_> if you switch to  sudo cp   feel free to remove my cronjob from  crontab -e
2021-07-29T11:58:22  <kl_eisbaer> will do, thanks for the hint!
2021-07-29T12:00:03  <cboltz_> Please also close https://progress.opensuse.org/issues/90521 when done
2021-07-29T12:01:31  <kl_eisbaer> /etc/sudoers.d/dehydrated:9:53: syntax error 
2021-07-29T12:01:32  <kl_eisbaer>                                /usr/bin/chmod u+rwX,g+rwX,o-rwX /etc/apache2/ssl.key/*
2021-07-29T12:01:53  <kl_eisbaer> looks like sudo does not like unquoted  commata in the command line
2021-07-29T12:02:48  <kl_eisbaer> as there are just files in the directory anyway, I will just simplify the line
2021-07-29T12:03:16  <cboltz_> actually you need to chmod the _directory_, not the files
2021-07-29T12:03:41  <cboltz_> the command in my cronjob should be enough (and avoids the sudo complaints)
2021-07-29T12:04:42  <kl_eisbaer> well: if we use sudo to copy the files, there shouldn't be a need to execute chown/chmod at all
2021-07-29T12:04:55  <cboltz_> right
2021-07-29T12:09:40  <kl_eisbaer> FYI: systemctl has 'systemctl try-reload-or-restart $service' to avoid errors, if a service (linke nginx) is disabled.
2021-07-29T12:11:13  <cboltz_> yeah, but that probably won't help if apache refuses to start because of a cert/key mismatch (or "just" a syntax error in a config file)
2021-07-29T12:12:18  <cboltz_> with reload or try-reload, it might continue to run with the old cert (or config)
2021-07-29T12:13:05  <kl_eisbaer> the old one had "reload nginx" or "reload apache2" - so I see an improvement with the "try-reload-or-restart"  already ;-)
2021-07-29T12:13:38  <kl_eisbaer> ...and at least right now apache still runs, even if I manually enforced a cert renewal
2021-07-29T12:14:01  <cboltz_> nice :-)
2021-07-29T12:14:29  <kl_eisbaer> let's verify in 2 months :D
2021-07-29T12:15:17  <cboltz_> yeah ;-)
2021-07-29T12:15:42  <cboltz_> for completeness - restart means "stop, then start", and AFAIK there's no way to do a config check first
2021-07-29T12:16:04  <cboltz_> try-restart adds a "if the service is running" conditon, not more
2021-07-29T12:27:19  <kl_eisbaer> There is a way to do a config check - but it depends on the packager, resp. the service itself, if this is implemented. 
2021-07-29T12:27:52  <kl_eisbaer> IMHO nagios, icinga, icinga2 and bind do a pre-config check before doing anything else. Neither apache nor nginx have this implemented, yet.
2021-07-29T12:28:30  <kl_eisbaer> might be worth a bug report / feature request, IMHO, as - at least - apache2 and nginx allow to check the configuration with a one-liner already.
2021-07-29T16:20:40  <FreeVariableAdri> DimStar_: Wrote you an email. Time is flying and some people are counting on my reply, so would be awesome if I we could move forward :)
2021-07-29T16:20:53  <FreeVariableAdri> DimStar: ^