[BlueOnyx:22968] Re: letsencrypt certificates error

Michael Stauber mstauber at blueonyx.it
Wed Jun 26 12:24:51 -05 2019


Hi Maurice,

> The renewal script for letsencrypt was being scheduled by cron:
> cron:Jun 26 03:36:08 vps run-parts(/etc/cron.daily)[19096]: finished
> letsencrypt.cron
> 
> I manually ran "/usr/sausalito/sbin/letsencrypt_autorenew.pl -a" which
> confirmed that all certificates were not expired.
> NOT renewing SSL certificate for 'AdmServ' as it's still good.
> (expiration date: 2019-08-24T21:30:28)
>
> I am wondering how this can be prevented in the future. I have
> letsencrypt certificates running for a long time, but this is the first
> time this situation happened to me.

When the cronjob runs the auto-renewal, it does the exact same things
that would run if you requested a new cert via the GUI. Meaning: The
CODB-Database-Fields get populated, the handler runs and if a valid cert
was generated, it will be installed. If a valid AdmServ cert was
generated, it'll copy the certs to AdmServ, Sendmail, Proftpd and
Dovecot as well.

So this is fully automated and hasn't needed any tweaks in quite some
time. We just re-added a cronjob that now makes sure that the expiration
checker indeed runs daily.

So what might have gone wrong? It *did* request and receive a new
AdmServ cert. But it was only copied to AdmServ and not the other
services? My guess is that the script that does these jobs got
interrupted and that it was a one-off error.

If it happens again, then it might be something else.

-- 
With best regards

Michael Stauber
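
The failure discussed above (a renewed AdmServ certificate that did not reach Sendmail, Proftpd or Dovecot) can be caught by comparing certificate fingerprints across the services after each renewal run. This is an added example, not part of the original post and not BlueOnyx code; the function names and the file layout in `demo()` are assumptions, and the PEM bodies are constructed placeholders rather than real certificates.

```python
import base64
import binascii
import hashlib
import re
import tempfile
from pathlib import Path

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_path):
    """SHA-256 of the first certificate block in a PEM file, or None."""
    try:
        match = PEM_CERT.search(Path(pem_path).read_text(errors="replace"))
        der = base64.b64decode(match.group(1)) if match else b""
    except (OSError, binascii.Error):
        return None  # missing/unreadable file or corrupt base64
    return hashlib.sha256(der).hexdigest() if der else None

def find_stale_services(reference_path, service_paths):
    """Return {service: reason} for services not carrying the reference cert."""
    ref = leaf_fingerprint(reference_path)
    if ref is None:
        raise ValueError(f"no certificate found in {reference_path}")
    stale = {}
    for name, path in service_paths.items():
        fp = leaf_fingerprint(path)
        if fp is None:
            stale[name] = "no readable certificate"
        elif fp != ref:
            stale[name] = "certificate differs from reference"
    return stale

def demo():
    """Constructed input: placeholder PEM bodies stand in for old/renewed certs."""
    def pem(payload):
        body = base64.encodebytes(payload).decode()
        return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        names = ("admserv", "sendmail", "proftpd", "dovecot")
        paths = {n: Path(tmp, n + ".pem") for n in names}  # hypothetical layout
        paths["admserv"].write_text(pem(b"renewed"))
        paths["sendmail"].write_text(pem(b"renewed"))
        paths["proftpd"].write_text(pem(b"old"))  # dovecot.pem is never written
        return find_stale_services(paths.pop("admserv"), paths)
```

On a real server, pass the actual certificate file of each service to `find_stale_services()`; a non-empty result after the daily renewal run means a copy step did not complete.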


