Re: [tor-relays] Updating from Ubuntu 20.04 using apt-secure
Peter, Thanks for the response that did the trick and got the system updated fully. Thanks, John Csuti +1 (216) 633-1279 On 2021-10-11 03:41 AM, Peter Gerber wrote: Hi, unfortunately, there is some software that wasn't well prepared for the expiration of the Let's Encrypt root certificate [1 [1]]. Ubuntu ships a fix/workaround [2 [2]] for the issue. Just update Ubuntu first, then try to update Tor again. Peter [1]: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ [2]: https://changelogs.ubuntu.com/changelogs/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2/changelog John Csuti via tor-relays: Hello all, I recently went to update and upgrade my system and found that the certificate for deb.torproject.org is expired and no longer trusted? Is anyone else having this issue and is there a way to fix this. I also added the repo to a fresh install of ubuntu 20.04 and got the same error. Error Err:5 https://deb.torproject.org/torproject.org focal Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443] Thanks, John Csuti +1 (216) 633-1279 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Links: -- [1] https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ [2] https://changelogs.ubuntu.com/changelogs/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2/changelog 0x148EEF26.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Updating from Ubuntu 20.04 using apt-secure
Hi, unfortunately, there is some software that wasn't well prepared for the expiration of the Let's Encrypt root certificate [1]. Ubuntu ships a fix/workaround [2] for the issue. Just update Ubuntu first, then try to update Tor again. Peter [1]: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ [2]: https://changelogs.ubuntu.com/changelogs/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2/changelog John Csuti via tor-relays: > Hello all, > > I recently went to update and upgrade my system and found that the > certificate for deb.torproject.org is expired and no longer trusted? Is > anyone else having this issue and is there a way to fix this. I also added > the repo to a fresh install of ubuntu 20.04 and got the same error. > > Error > Err:5 https://deb.torproject.org/torproject.org focal Release > Certificate verification failed: The certificate is NOT trusted. The > certificate chain uses expired certificate. Could not handshake: Error in the > certificate verification. [IP: 95.216.163.36 443] > > Thanks, > John Csuti > +1 (216) 633-1279 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
As far as I know the only way to do what you want is via Cron. On 2021-10-09 15:40, Keifer Bly wrote: Hi, So my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D Seems to periodically go down once a month or so. I am wondering, is there a way configure tor (via the torrc file) to restart automatically once a month? Thank you. --Keifer ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
On Sunday, October 10, 2021 at 4:48:47 AM UTC-4 Keifer Bly wrote: > I am wondering, is there a way configure tor (via the torrc file) to > restart automatically once a month? Thank you. > Before you implement a time-based service restart, you may wish to check that your OS and hardware (eg. firmware) are as up to date as you can reasonably make them. It strikes me as odd that you would have that instability that would require such a service restart. Do you have other services running? Are you running any sort of system monitoring that would tell you about issues with RAM or persistent storage? With that said, I have used monit[0] in the past to bring services back up when a test fails, though never tor. Note that my go-to if I were going to implement monit would be to have a service check, and not restart on a time basis, but rather on a threshold or reachability basis. Eg. if you were going to use monit with a webapp, Id suggest you have a page in the style of https://example.org/webapp/monit-check/ that must load the app runtime, and then have monit restart everything involved in the app if that page load takes more than 15 seconds. In your case that might look like installing nyx[1] and having a wrapper script that checks with nyx and has a non-zero exit you can have monit act on. Cheers, -- ibiblio Tor Manager [0] https://mmonit.com/monit/documentation/monit.html [1] https://nyx.torproject.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
Keifer, When you say, "periodically go down once a month" do you mean the Tor service dies, becomes defunct, circuits bleed off, Internet connectivity issues, power goes out, etc? Anything in the torlog that might provide a clue? From your metrics, you can definitely tell your relay goes down once or twice a month I don't know of a way to monitor and restart the Tor service via the torrc file. However, if you knew the root cause, it would help to monitor, report, and/or restore the Tor service, externally. I have battery backups, power generator, and loadbalance to multiple relay nodes within my portion of the Tor network. I would like to add redundant ISP's and routers to my topology, as well. Respectfully, Gary—This Message Originated by the Sun.iBigBlue 63W Solar Array (~12 Hour Charge)+ 2 x Charmast 26800mAh Power Banks= iPhone XS Max 512GB (~2 Weeks Charged) On Sunday, October 10, 2021, 1:48:52 AM PDT, Keifer Bly wrote: Hi, So my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D Seems to periodically go down once a month or so. I am wondering, is there a way configure tor (via the torrc file) to restart automatically once a month? Thank you. --Keifer ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Restarting Tor
Greetings! Thanks for running your relays! On Sunday, October 10, 2021 at 4:49:16 AM UTC-4 sysmanager7 via tor-relays wrote: > Greetings All, I have three relays that are in need of an upgrade and > reboot. > What is the best way to restart these relays without loosing flags or time? > We routinely reboot our nodes for kernel updates and retain the stable flag. High uptime is not something to brag about for a tor node, so don't worry about that. If you're running a debian-based linux distro, you can have unattended-upgrades[0] do the work for you and warn you via email. There are tools that will allow for similar workflows for other OSes, eg. with dnf on rpm-based distros[1]. > Secondly how long can a relay be down before flags are dropped? > I don't know the upper bound, but twice I've migrated keys from an old piece of hardware to a new piece of hardware when the support warranty expired, and that node still has the stable flag. I took my time and did the migration carefully. It's far more important that you follow the advice[2] on how to keep your relay in good shape once it's up and running than that you find the limits of certain flags. Cheers! -- ibiblio Tor Manager [0] https://wiki.debian.org/UnattendedUpgrades [1] https://dnf.readthedocs.io/en/latest/automatic.html [2] https://community.torproject.org/relay/setup/post-install/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
On Sunday, October 10, 2021 12:40:22 AM CEST Keifer Bly wrote: > So my relay at > https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF > 36B1E74372861D > > > Seems to periodically go down once a month or so. I am wondering, is there a > way configure tor (via the torrc file) to restart automatically once a > month? Thank you. You can do this with a simple cron job. But it makes more sense to research why the Tor daemon aborts. You may have activated bandwidth accounting. Or limit at the provider is used up if you don't have unlimited services. By the way, You have an unsupported EOL Tor version: https://lists.torproject.org/pipermail/tor-relays/2021-October/019862.html And your torrc is misconfigured. Why did you set exit policies that are also wrong? You must at least accept ports 80, 443 and 53 to be an exit. And generally first enter an exit address. Preferably IP and IPv6. ;-) https://docs.ovh.com/us/en/vps/configuring-ipv6/ The ports TCP 6660-6667 (IRC) may allow DDOS attacks against you. I'm not sure if that could be exploited in your constellation. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Restarting Tor
On Sunday, October 10, 2021 5:07:54 AM CEST sysmanager7 via tor-relays wrote: > Greetings All, I have three relays that are in need of an upgrade and > reboot. What is the best way to restart these relays without loosing flags > or time? That depends on your OS and the init daemon. Example for sshd: https://www.cyberciti.biz/faq/howto-restart-ssh/ On Debian derivatives with systemd: Reload will tell the service to reload its configuration files, but keep the same process running. Restart tells it to shut down entirely, then restart. Generally speaking, restart will terminate the service in question and restart it; reload will only reload the configuration file. After an upgrade you must use restart. Use 'su -' or sudo ~$ sudo systemctl restart tor ~$ sudo systemctl reload tor The above applies to all instances. For individual instances use: ~$ sudo systemctl reload tor@00 ~$ sudo systemctl reload tor@01 ... On init.d systems (Unix/Linux/*BSD) use: ('su -', doas or sudo) ~$ service restart tor > Secondly how long can a relay be down before flags are dropped? After a reload, the flags are retained. After a restart they are gone straight away. How quickly they come back depends on the length and frequency of the downtime. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Updating from Ubuntu 20.04 using apt-secure
Hello all, I recently went to update and upgrade my system and found that the certificate for deb.torproject.org is expired and no longer trusted? Is anyone else having this issue and is there a way to fix this. I also added the repo to a fresh install of ubuntu 20.04 and got the same error. Error Err:5 https://deb.torproject.org/torproject.org focal Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443] Thanks, John Csuti +1 (216) 633-1279 0x148EEF26.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Restarting Tor
Hello, I cant comment on how long a relay needs to be down before you loose flags could be a day or longer. As for needing to upgrade and reboot just go ahead and do it. The network will keep your current flags through the reboot and upgrade. Being down for both a reboot and or a upgrade is expected and encouraged. Thanks, John Csuti +1 (216) 633-1279 On 2021-10-09 11:07 PM, sysmanager7 via tor-relays wrote: Greetings All, I have three relays that are in need of an upgrade and reboot. What is the best way to restart these relays without loosing flags or time? Secondly how long can a relay be down before flags are dropped? Thank you for any help! Sysop Sent with ProtonMail [1] Secure Email. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Links: -- [1] https://protonmail.com/ 0x148EEF26.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
No. I have no other processes running on the vps. The OS Debian Linux is running the newest version, it seems something is causing the tor process to get hung up once a month. Will take a look at that, thanks. --Keifer On Sun, Oct 10, 2021 at 10:04 AM Tor Manager wrote: > On Sunday, October 10, 2021 at 4:48:47 AM UTC-4 Keifer Bly wrote: > >> I am wondering, is there a way configure tor (via the torrc file) to >> restart automatically once a month? Thank you. >> > > Before you implement a time-based service restart, you may wish to check > that your OS and hardware (eg. firmware) are as up to date as you can > reasonably make them. It strikes me as odd that you would have that > instability that would require such a service restart. Do you have other > services running? Are you running any sort of system monitoring that would > tell you about issues with RAM or persistent storage? > > With that said, I have used monit[0] in the past to bring services back up > when a test fails, though never tor. Note that my go-to if I were going to > implement monit would be to have a service check, and not restart on a time > basis, but rather on a threshold or reachability basis. Eg. if you were > going to use monit with a webapp, Id suggest you have a page in the style > of https://example.org/webapp/monit-check/ that must load the app > runtime, and then have monit restart everything involved in the app if that > page load takes more than 15 seconds. In your case that might look like > installing nyx[1] and having a wrapper script that checks with nyx and has > a non-zero exit you can have monit act on. > > Cheers, > -- > ibiblio Tor Manager > > [0] https://mmonit.com/monit/documentation/monit.html > [1] https://nyx.torproject.org/ > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor automatic restart
Hello, First i would recommend updating your tor version then worrying about your issue. Your current tor version is not recommended by the directory authority's. Thanks, John Csuti +1 (216) 633-1279 On 2021-10-09 06:40 PM, Keifer Bly wrote: Hi, So my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D Seems to periodically go down once a month or so. I am wondering, is there a way configure tor (via the torrc file) to restart automatically once a month? Thank you. --Keifer ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 0x148EEF26.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays