Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.bsd.cafe/users/stefano/statuses/115252432137723192">Stefano Marinelli (stefano@mastodon.bsd.cafe)'s status on Tuesday, 23-Sep-2025 17:37:19 JST</a><a href="https://mastodon.bsd.cafe/@stefano" title="stefano@mastodon.bsd.cafe"><img src="https://gnusocial.jp/avatar/161529-48-20250301105427.webp" width="48" height="48" alt="Stefano Marinelli" style="position: absolute; left: 0; top: 0;">Stefano Marinelli</a></section><article><p>Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.</p><p>The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.</p><p>The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.</p><p>The result:</p><p>- systemd stops Nginx.<br>- Port 80 becomes free.<br>- certbot, in standalone mode, immediately grabs it for validation.<br>- systemd tries to restart Nginx, which fails with "Address already in use".</p><p>The web server was knocked offline by its own certificate renewal script.</p><p>I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.</p><p>Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.</p><p><a href="https://mastodon.bsd.cafe/tags/SysAdmin" rel="tag">#SysAdmin</a> <a href="https://mastodon.bsd.cafe/tags/Linux" rel="tag">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/SystemD" rel="tag">#SystemD</a> <a href="https://mastodon.bsd.cafe/tags/Rant" rel="tag">#Rant</a> <a href="https://mastodon.bsd.cafe/tags/KISS" rel="tag">#KISS</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5672926#notice-11135869">In conversation</a><time datetime="2025-09-23T17:37:19+09:00" title="Tuesday, 23-Sep-2025 17:37:19 JST">about 2 months ago</time> <span>from <span><a href="https://mastodon.bsd.cafe/@stefano/115252432137723192" rel="external" title="Sent from mastodon.bsd.cafe via ActivityPub">mastodon.bsd.cafe</a></span></span><a href="https://mastodon.bsd.cafe/@stefano/115252432137723192">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Stefano Marinelli (stefano@mastodon.bsd.cafe)'s status on Tuesday, 23-Sep-2025 17:37:19 JST Stefano Marinelli
Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.
The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.
The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.
The result:
- systemd stops Nginx.
- Port 80 becomes free.
- certbot, in standalone mode, immediately grabs it for validation.
- systemd tries to restart Nginx, which fails with "Address already in use".
The web server was knocked offline by its own certificate renewal script.
I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.
Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.
#SysAdmin #Linux #SystemD #Rant #KISS
In conversationabout 2 months ago from mastodon.bsd.cafepermalink

Public

Embed Notice

HTML Code

Corresponding Notice