[BlueOnyx:20620] Re: Letsencrypt bug

[Michael Stauber]

Hi Steffan,

> /usr/sausalito/sbin/letsencrypt_autorenew.pl
> 
> If I add:
>
> &debug_msg("$renew_time\n\n");
>
> &debug_msg(time());
>
> Im getting:
>
> 1487577986
>
> 1485851631

What you have there are two Unix time() stamps. They represent date and
time. So when we make them human readable, we get this:

Renew time: 	1487577986 = 20.02.2017 09:06:26
Current time:	1485851631 = 31.01.2017 09:33:51

How is the $renew_time defined? You define it in the GUI when you
request a certificate. By default the GUI will request a 90 day
certificate and the $renew_time will be set for 60 days. So you get a
nice and comfortable 30 day window between the start of the first
autorenew attempt and the expiry date of the certificate.

But if you request a 90 day certificate and set the autorenew to 90
days, then you obviously have a gap of at least one day between the
expiry of the cert and the first renewal attempt. Because the cronjob
for this only runs once a day at about 4:30-4:45 in the morning.

Auto-Renew is working exactly as intended. It renews at (or after) the
date you specified in the GUI. So please check if the renewal date in
the GUI for that SSL certificate makes sense and if it's set to the
standard 90 day cert with renewal after 60 days.

If it is not, then it might be best to request another LE certificate
through the GUI instead. This time with the standard values for validity
and renewal.

-- 
With best regards

Michael Stauber