[BlueOnyx:20621] Re: Letsencrypt bug

[Steffan]

Hm my mistake
I read that as how long the certs must be registerd.
Will change it thanxs


-----Oorspronkelijk bericht-----
Van: Blueonyx [mailto:blueonyx-bounces at mail.blueonyx.it] Namens Michael
Stauber
Verzonden: dinsdag 31 januari 2017 15:49
Aan: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Onderwerp: [BlueOnyx:20620] Re: Letsencrypt bug

Hi Steffan,

> /usr/sausalito/sbin/letsencrypt_autorenew.pl
> 
> If I add:
>
> &debug_msg("$renew_time\n\n");
>
> &debug_msg(time());
>
> Im getting:
>
> 1487577986
>
> 1485851631

What you have there are two Unix time() stamps. They represent date and
time. So when we make them human readable, we get this:

Renew time: 	1487577986 = 20.02.2017 09:06:26
Current time:	1485851631 = 31.01.2017 09:33:51

How is the $renew_time defined? You define it in the GUI when you request a
certificate. By default the GUI will request a 90 day certificate and the
$renew_time will be set for 60 days. So you get a nice and comfortable 30
day window between the start of the first autorenew attempt and the expiry
date of the certificate.

But if you request a 90 day certificate and set the autorenew to 90 days,
then you obviously have a gap of at least one day between the expiry of the
cert and the first renewal attempt. Because the cronjob for this only runs
once a day at about 4:30-4:45 in the morning.

Auto-Renew is working exactly as intended. It renews at (or after) the date
you specified in the GUI. So please check if the renewal date in the GUI for
that SSL certificate makes sense and if it's set to the standard 90 day cert
with renewal after 60 days.

If it is not, then it might be best to request another LE certificate
through the GUI instead. This time with the standard values for validity and
renewal.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx