Let's Encrypt Certbot Cron Job

November 16, 2016 8:51 pm

I switched my webservers over to using Let's Encrypt to obtain SSL certificates.  Everything looked great, but the update job would fail to run from Cron.

At first I had no errors to go on because my systems aren't configured with a mail program so Cron couldn't email me the errors.  Rather than configure a mailer, I just piped the output to another log file by creating a folder under /var/log with permissions for my user and then updating cron so that

[command here] >> /var/log/certbot/certbot_cron.log 2>&1

was at the end of the command.  So my full crontab entry is now:

36 2 * * * /home/kyle/certbot-auto renew --quiet --no-self-upgrade >> /var/log/certbot/certbot_cron.log 2>&1

Then I discovered the job was failing because:

sudo: no tty present and no askpass program specified

I have certbot-auto setup from my regular user account, which works great, except for the cron job.  If I put the cronjob in the root's crontab, it doesn't know about the existing configuration in my user account so it tries to start over.

After some digging around and failing to find an exact solution to this problem I managed to get it running and made this post to help the next poor unfortunate soul.

I edited the sudo rules using:

sudo visudo

And added to the end of the file:

kyle ALL=NOPASSWD:SETENV: /home/kyle/.local/share/letsencrypt/bin/letsencrypt, /usr/sbin/service apache2 *

This allows my account to execute the letsencrypt program and control the apache2 service without providing a password.  SETENV allows it to set environment variables.  I added it to get around the error message:

sudo: sorry, you are not allowed to set the following environment variables: CERTBOT_AUTO

I don't know if this is the best way of getting the cronjob to run, but it seems to be working.  It honestly still isn't clear to me if one should just do all the letsencrypt stuff as root or not.  That would probably avoid this issue, but if that's the case they should just say it somewhere.  Instead it works as non-root, but the cronjob to automatically update it doesn't.  And the automatic updating is kind of the point.

I don't know if it makes a difference, but these servers are running Ubuntu 14.04.

2016 Family Adventure - Part 3: Washington, D.C.

November 13, 2016 9:16 pm

We got up early on Friday October 7 and took the train from Berlin, CT down to Washington, D.C.  Mom & Dad went on this excursion with us.  We spent 5 days in D.C., so this post is fairly long.

From Union Station we walked to our hotel, the Holiday Inn just south of the National Air & Space Museum.  After dropping off our luggage we popped over to the museum for a little bit before closing.

Lunar Lander!



Curiosity Rover!  No idea what Heather is doing...2016-10-07_16-54-25

On Saturday we got up, ate breakfast at McDonald's (the only restaurant anywhere near the hotel open for any useful set of hours [except the two sit-down restaurants attached to the hotel]), and headed off to the Building Museum.  A "Building Museum" may not sound very interesting, but it has a bunch of things in it and many that are geared towards young kids.


The first snag was that Taste of D.C. was getting set up directly between our hotel and the Building Museum and we had to detour around it since the entire thing was fenced off for several blocks--annoying.  The second snag was that the Building Museum was hosting a pay-to-enter craft fair in their Great Hall which is usually available as a play space--super annoying.



Fun fact:  The Building Museum building was originally the Pension Bureau.  Brick was chosen to meet the anti-flammability requirements as the facility was going to house all the pension records.  The steps were designed to be shallow and easy to climb to make it easier for war veterans to navigate the building while handling pension issues.2016-10-08_13-07-43

After some time there we grabbed some Subway for lunch nearby.  Then we walked back to the hotel in a light rain in order to get the girls down for a nap.  They were going to need a nap because we were going to be out late getting a West Wing tour of the White House from Mikey.

We took the Metro from the hotel up to the White House and then had dinner at Custom Fuel (a counter-order pizza chain) while we waited for our tour time.  Mikey met us at the restaurant and then off we went.  We made it through guard shacks 1 and 2 successfully and got in to the White House (can't take any pictures inside, except in the Press Room).  We had to pause shortly after starting because a Secret Service agent didn't like where we left the stroller and made me move it, but the rest of the tour went without issue.

We saw the Oval Office, the Roosevelt Room, the door to the Situation Room, the Navy Mess, the Rose Garden, and the Press Room.  Jess was really pleased with the "Jumbos"--pictures taken by the White House Photographer that get hung on the walls throughout the building and changed out regularly.

2016-10-08_20-15-29 2016-10-08_20-23-17 2016-10-08_20-27-29

After our tour we walked across the street to the Eisenhower Executive Office Building (formerly the Old Executive Office Building) where Mikey's office is.  It's a building with a lot of character.  It's really sad that the architect was hounded and denounced for its design and eventually killed himself.

2016-10-08_20-40-16 2016-10-08_20-42-29 2016-10-08_20-54-46 2016-10-08_21-03-22 2016-10-08_21-11-48

After wandering around the EEOB for a while we got back on the Metro and headed back to the hotel.  Corinne liked the Metro.


Sunday morning we were off to the National Museum of Natural History.  So much to see and not nearly enough time to see it all.  We got through most of one floor including the dinosaurs, mummies, insects, butterflies, and some geology.  Heather and I read a book about mummies on the train ride out, but in the museum she got all weird in that exhibit and we basically raced through to the other side.  Not sure what her deal was.

2016-10-09_13-48-40 2016-10-09_14-05-46 2016-10-09_14-22-24

We did the Butterfly Pavilion walk through and the butterflies seemed to like Heather and Jess.

2016-10-09_15-07-49 2016-10-09_15-10-03

Lunch was down in the atrium and felt a little like the cafeteria in Jurassic Park.

After lunch we walked down to the Washington Monument and on down to the Lincoln Memorial for sunset.

2016-10-09_17-58-17 2016-10-09_18-02-20 2016-10-09_18-12-52 2016-10-09_18-48-40 2016-10-09_18-57-08 2016-10-09_18-59-43

Then we went by the Korean War Veterans Memorial and on back to the hotel.

Monday was Columbus Day.  We headed back to Union Station, but not to leave.  We took a Duck Tour (amphibious assault vehicles from WW II refurbished into tour buses that go through the water as well).  While we waited for the tour to leave we watched the Knights of Columbus do their wreath laying ceremony at the statue of Christopher Columbus that stands outside Union Station.

2016-10-10_13-03-07 2016-10-10_13-05-16 2016-10-10_13-05-45 2016-10-10_13-06-07 2016-10-10_13-17-36 2016-10-10_13-41-47

After the Duck Tour we ate lunch and went to the National Postal Museum (just across the street from Union Station).  Here's Heather sitting in the cab of a "semi" mail truck.


Again, you might not think it would be very engaging, but it's a pretty neat museum and not very crowded.  I wish we had had more time to spend there.  But instead it was off to the other side of town to see the Renwick Gallery and try to pick up an official White House Historical Association Christmas tree ornament.  Unfortunately, the WHHA was closed, so I had to order the ornament online instead. But the Renwick Gallery was pretty neat.


Tuesday was our final day in D.C.  We went back to the National Air & Space Museum to see some more exhibits before heading to Union Station for the train ride back to Connecticut.

Here's Heather in front of the Apollo 11 Command Module.


During this trip Heather developed two new anxieties.  One morning she ran and hopped on the elevator before the rest of us and then the doors closed.  We pushed the call button before it started moving and the doors reopened, but she was freaking out.  After that she would basically glue herself to our sides while entering elevators.

The second incident was on the metro.  We were talking about how many more stops before ours and she had misunderstood something we said.  When we reached the next stop (not ours) she jumped out of the train all excited to be on our way.  We started yelling for her to turn around and get back on the train and she did, but she freaked out about it.  Hindsight: It would probably have been smart for one of us to go out after her and bring her back, presumably one of us would have jumped out if she hadn't come right back.  So after that she had to be coaxed on to the metro and soothed in order to dare ride again.

We don't interact much with subways or elevators on a regular basis so we don't really know if these are still issues for her or not, but I'm sure it will resurface at some inopportune time in the future.

Back at the house was another rest day and then Lyman Orchards for apple picking!

2016 Family Adventure - Part 2: Old Sturbridge Village

November 12, 2016 1:57 pm

The first order of business after our long train ride was a day off.  So we spent a day just hanging around the house letting the girls run around the back yard.

2016-10-04_08-44-21 2016-10-04_15-14-53 2016-10-04_15-20-23 2016-10-04_15-22-40 2016-10-04_15-45-00 2016-10-04_16-18-32 2016-10-04_16-22-19

I'm sure you weren't, but in case you were wondering, all the pictures on this trip were taken either with a phone or using my new 18-135mm zoom lens that I purchased specifically as a just-take-one traveling lens.  I'm fairly pleased with its performance though it's not as nice as my 50mm prime.

The next day it was off to Old Sturbridge Village in Massachusetts.  A preserved / restored rural New England village representing life from the 1790s to the 1840s.  On the way there we had to make a pit stop to find some Dramamine for Heather, who was becoming carsick.

When we arrived we first ate lunch at the Oliver Wight Tavern.  Then it was into the past:



The sawmill is always interesting.  There was a lot of ingenuity in these old water-powered automation systems.  Kind of amazing what it takes to bootstrap a society.2016-10-05_14-07-46


Here's Jess taking a break next to the covered bridge.  The covered bridge doesn't usually have the interior fencing.  They were setting up for a town-wide production of The Legend of Sleepy Hollow and the fencing in the bridge seemed to be to keep the audience on the edges, presumably so they wouldn't be trampled by a galloping horse.  Side note: I read The Legend of Sleepy Hollow on the train ride home.  It's kind of dumb.  I guess it's a good representation of the "Have you ever heard the story of the...." kind of ghost tale though.2016-10-05_14-31-19


I took this picture as Heather and Corinne were chasing chickens around the town green.  The chickens had all hopped off the side of this porch and Corinne was getting ready to follow.2016-10-05_14-50-29


Hanging out at the general store eating a snack.2016-10-05_14-58-41


The water wheel that operates the gristmill.2016-10-05_15-14-58




Corinne was enamored of all the animals, but, unlike the chickens, the sheep didn't run away.2016-10-05_15-57-41a 2016-10-05_15-58-52


After our adventure in the past we made our first Friendly's stop for dinner and ice-cream (and it's only like half a mile from the Old Sturbridge Village entrance).  Heather chose the build-your-own kids sundae with mint chocolate-chip ice-cream, strawberries, cookie dough, marshmallow, and rainbow sprinkles.  She thought it was amazing.  I stuck with the Reese's Pieces Sundae.2016-10-05_18-26-45

Then back home for another day of rest before our adventure-within-an-adventure: Washington, D.C.

2016 Family Adventure - Part 1: The Train

November 5, 2016 2:11 pm

We're finally getting caught up around the house.  So I can start blogging our big adventure.  Our big family adventure this year was a train trip to the East Coast.

We loaded up on the California Zephyr in Martinez, CA on September 30.  The Martinez station is fairly nice.  It seems to have been recently renovated and the parking is free.


We booked a private sleeper room and a roomette since 4 people can't sleep in a single room (you could fit 4 in the "family bedroom," but then you don't have a private bathroom/shower).


Heather was super excited to sleep in the top bunk.  She and I stayed in the roomette while Jess and Corinne stayed in the regular room.


However, Corinne and Heather completely changed personalities / temperaments while on the train.  We called them "train children."  They were just...different.  We had a long stop in Denver so we got off the train to walk around a bit.  Which was when we decided maybe Heather was getting motion-sick.  So we bought some Dramamine for her, which helped her significantly, but she was still a "train child."

Meals generally involved Jess and I attempting to cajole some food into their mouths while they acted loony.  Watching shows on phones was about the only way we could get Corinne to sit still.


The California Zephyr runs to Chicago at which point we had a long layover before boarding the Lake Shore Limited out to Springfield, MA.  We took the opportunity to walk around Chicago for a bit.


imgp5441as imgp5464as

It was a bit cloudy so we postponed going up in Willis Tower (formerly Sears Tower) until the return trip.  But we did get some authentic Chicago-style pizza at Giordano's.


Okay, the perspective makes the pizza look bigger than it really was, but it was still impressive.

After dinner we hung out at the station--in the Metropolitan Lounge and wandering around to stretch our legs.  The newly renovated Metropolitan Lounge is quite nice with plenty of space.  The dedicated "Kids Corner" was very helpful in keeping the girls contained and entertained.  I also took the opportunity to use their new showers which was quite nice.

imgp5555as imgp5564as

Our train out of Chicago didn't leave until 9:30pm, so the girls were pretty exhausted, but we got them changed in to pajamas before boarding so they could go straight to sleep.


Then it was on to Springfield.  Mom and Dad picked us up at the station and we were glad to be in New England and off the train.

A big difference between this trip and the one we did in 2011 was the timeliness of the trains.  Amtrak must have worked out a new agreement with the freight companies or something because we were almost always either ahead of schedule or on time.  Maybe I'm mis-remembering, but it also seemed like last time we always waited at every station until the scheduled departure time.  But this time I think if the stop didn't have a real station (meaning people couldn't show up and buy a ticket at the last minute) the train would leave as soon as all expected passengers had deboarded/boarded; which really helped with the time performance.