Let's encrypt certificates auto renewal

Discussion in 'Server Operation' started by Leo Venturini, Sep 7, 2018.

  1. Leo Venturini

    Leo Venturini New Member

    Hello, I'm using Ispconfig 3.1.13 and I manage websites SSL Let's Encrypt certificates through Ispconfig interface. I have not set up a certbot automatic renewal script, my oldest LE certificate is going to expire and I wonder if Ispconfig will handle automatic renewal by itself
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig takes care to renew the certs. It runs certbot every night with --renew option.
     
  3. Leo Venturini

    Leo Venturini New Member

    Thank you Till, I would have bet on it but I couldn't find no explicit mention in the 3.1 Manual nor in the forum.
    I just checked some of the domains certificates and the Ispconfig auto renewal is working great (like the rest of this GREAT piece of sw).

    The fact is that today I received the LE email message "Let's Encrypt certificate expiration notice" for that domain (10 days to expiration) but running "certbot-auto certificates" shows for that domain "Expiry Date: 2018-12-03", so it seems to be a LE issue
    thanks
     
    till likes this.
  4. ahrasis

    ahrasis Well-Known Member

    You could have double or more certs for one domain. Check by running 'ls /etc/letsencrypt/*/domain.tld*" for that domain as sometimes new folder for that domain is created ending with 0001 etc and it certs might not have been properly symlinked to your site's ssl folder.

    I personally would delete all letsencrypt folder and file with that domain name if I faced such a problem. Running "rm -rf /etc/letsencrypt/*/domain.tld*" before requesting new certs will normally resolve my problem.
     
  5. Leo Venturini

    Leo Venturini New Member

    thank you ahrasis, I checked and there are no duplicate folders for the domain in /etc/letsencrypt.
    since it is not a production domain but a development one I'm going to wait until the supposed expiration date and see if LE will send any more messages and the certificate will keep on working
     

Share This Page