ISP letsencrypt certs expiration

Discussion in 'Installation/Configuration' started by Poliman, Jan 23, 2018.

  1. Poliman

    Poliman Member

    I have a big problem. On my server with ISP 3.1.11 and Ubuntu 16.04 LTS I have few websites. Each of them has own LE SSL cert. Unfortunately after default expiration time, cert is not automatically renewed. I suppose it should be. If need more config info please tell me.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Uncheck the LE checkbox of the site, save, check it again, save. Does it stay checked and do you get a new updated cert then?
     
  3. Poliman

    Poliman Member

    Unfortunatelly I didn't check it this time, but would be nice if they would update automatically. :)
    When I get this problem I do:
    1. Uncheck LE and SSL cheboxes.
    2. Remove in /etc/letsencrypt/live, /etc/letsencrypt/archive and /etc/letsencrypt/renew directories belongs to particular domain
    3. Check LE and SSL checkboxes. After while I have generated new ssl cert, which works.

    PS
    Additional thing:
    I have main domain example.com and alias (vhost) for this domain alias.example.com. I check both LE SSL and SSL and click save button. After while - when red circle disappear - I go into config of this alias vhost and both checkboxes are unchecked. For main domains there is no problem. Can it be caused by changing dns entries to new (this one where I try create LE certs) server? This is some hypothesis, because I also can't provide LE cert for example.com domain.
     
    Last edited: Jan 24, 2018
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    They get updated automatically. Unless it's impossible to update them e.g. because you changed dns records of domains included in the cert to another server or similar problems. That's why I asked you to disable and re-enable the cert, if that's not possible, then a renewal is not possible as well and you should take a look at the letsencypt.log file to see why letsencrypt can't renew or create that cert.
     
  5. Poliman

    Poliman Member

    Thank you Till for answers.
    1. Domain which cert expired is deployed on the server from more less half year. I didn't change any dns entries, because I didn't have to. And in this case cert wasn't automatically renewed. I didn't check it this time - I mean I didn't "uncheck" checkbox and check it again, because I just removed three directories related to particular domain.
    2. In second case from PS I have problem, because alias vhost is newly created like main domain and this time I changed dns for both, besides alias vhost and main domain have LE certs on old server. I can only check SSL tab and after save this checkbox will be checked but LE SSL going uncheck.;)

    Of course I can put some section from the letsencrypt.log file. :)
    I do some research:
    Code:
    [email protected]:/var/log/letsencrypt# service letsencrypt status
    ‚óŹ letsencrypt.service
       Loaded: not-found (Reason: No such file or directory)
       Active: inactive (dead)
    
    Wow, how is it possible? This is the reason probably.

    PS
    Strange thing... After maybe 8 times, finally LE SSL checkbox worked for main domain. I try this mentioned earlier alias vhost but still without success...

    PS2
    Finally, on alias vhost - after many tries (turn on ssl -> save -> wait for propagate changes -> edit again -> then le ssl -> save probably helped this time but for another alias vhost with this same problem it does not help). I don't get it why I need click many times to get certs and why service is still dead...
    Till, could you also check my last post here https://www.howtoforge.com/community/threads/pb-disk.77663/#post-367549 ?
     
    Last edited: Jan 24, 2018
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    letsencrypt is not a service. Take a look into the letsencryp.log file, not call the service command. You can look into a log file with a text editor or tail command or cat command, not the service command.
     
  7. Poliman

    Poliman Member

Share This Page