[BlueOnyx:22601] Re: Letsencrypt auto-renew failures in 5209R

Michael Stauber mstauber at blueonyx.it
Mon Jan 21 12:01:01 -05 2019


Hi Brent and Colin,

> We've been seeing consistent SSL auto-renew failures with some of our
> vsites on 5209R.  There are no entries for the sites with expired certs
> in the letsencrypt log or any of the archived logs, so it appears that
> the attempt is not even being made for these sites.  When renewed by
> hand in the BX GUI, the sites renew without error.

I can confirm the problems. The GUI renewal works, but the cronjob just
craps out for one reason or other.

No, it's not PHP related, as the expiry time calculation is done via a
Perl-Script in the cronjob itself. That script reads the expiry date
from the actual certificate and compares it with the specified validity
set for that cert in the GUI (default: 60 days). If the cert then is due
to expire within the next 30 days (or already expired) it ought to
trigger the renewal.

Which it sometimes doesn't. Or the cronjob gets stuck, doesn't fire or
the bloody Python script from LE itself (LE Certbot) craps out.

I've had it up to the chin with that bloody Python contraption from LE
itself. Python is just plain and simply hipster-shit. The other day I
replaced a 500 line Python script (with exotic dependencies that would
only work on Python 2.7!) with a Perl script of five lines.

So ... the LE renewal stuff will be thrown out within the next three
days and it gets replaced with something simpler that just works.
Without exotic dependencies.

-- 
With best regards

Michael Stauber
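
The expiry check described in the message above, as an added example that is not part of the original post and is not BlueOnyx's cronjob code: it reports a status for every site, so a vsite whose renewal was never attempted still shows up. The 30-day window comes from the message; the site names, dates and function names are constructed for illustration.

```python
import subprocess
from datetime import datetime, timedelta, timezone

RENEW_WINDOW_DAYS = 30  # renewal threshold named in the message above

def parse_not_after(line):
    """Parse 'notAfter=Feb 10 12:00:00 2019 GMT' as printed by openssl."""
    value = " ".join(line.strip().split("=", 1)[1].split())  # collapse 'Jan  5'
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def read_not_after(cert_path):
    """Ask openssl for the expiry line of a PEM certificate on disk."""
    result = subprocess.run(
        ["openssl", "x509", "-enddate", "-noout", "-in", cert_path],
        check=True, capture_output=True, text=True)
    return result.stdout

def audit(sites, now, window_days=RENEW_WINDOW_DAYS):
    """Return (site, status, days_left) for every site, never skipping one."""
    results = []
    for site, not_after_line in sites:
        try:
            expires = parse_not_after(not_after_line)
        except (ValueError, IndexError):
            # A certificate that cannot be read is reported, not dropped.
            results.append((site, "UNREADABLE", None))
            continue
        remaining = expires - now
        if expires <= now:
            status = "EXPIRED"
        elif remaining <= timedelta(days=window_days):
            status = "RENEW"
        else:
            status = "OK"
        results.append((site, status, remaining.days))
    return results

# Constructed sample input: (site, openssl -enddate output) pairs.
NOW = datetime(2019, 1, 21, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("www.example.com", "notAfter=Mar 30 12:00:00 2019 GMT"),
    ("shop.example.com", "notAfter=Feb 10 12:00:00 2019 GMT"),
    ("old.example.com", "notAfter=Jan  5 12:00:00 2019 GMT"),
    ("broken.example.com", ""),
]

if __name__ == "__main__":
    for site, status, days_left in audit(SAMPLE, NOW):
        print(f"{site:20} {status:10} days_left={days_left}")
```

Comparing this report with the letsencrypt log shows which sites were due for renewal but have no matching log entry.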


