How to change letsencrypt renewal setting from manual to automatic

I have set up letsencrypt certs on three virtual servers. In each case I failed to change the "Months between automatic renewal" setting from "Only renew manually" to some number of months.

I would like these certs to auto renew.

Is there a way to change the configuration for these certs to auto renew without requesting another cert?

What is the optimal/max number of months that can be entered in the "Months between automatic renewal" setting?

Thanks for helping.

Status: 
Active

Comments

Howdy -- sure, you can set that by going into Server Configuration -> Manage SSL Certificate -> Let's Encrypt, and there, set "Months between automatic renewal" to your preferred number of months.

The certificate will expire after 3 months. I personally generally choose 2 months.

Won't that result in a request for and installation of another cert?

Hrm, looking at that again, you may be right.

If that's a problem, you could always wait until it's time to renew, and at that time, manually renew and also change the automatic renewal settings at the same time.

However, is there a problem with obtaining a new SSL cert? In most cases it wouldn't actually matter if you are issued a new one.

I don't know enough about letsencrypt to know if it is a problem requesting a new certificate so soon after getting an initial one.

I see a reference in https://www.virtualmin.com/node/40998 to removing or modifying "letsencrypt_renew" lines. Would adding such lines solve my problem without doing something that involves requesting a new cert?

Note that in the next Virtualmin release, it will be possible to change the Let's Encrypt renewal period for domains that already have a cert.

Hi JamieCameron. Has there been a release for this since your ticket? So can we now change the settings, as I would like to. I could not find much documentation about Virtualmin LetsEncrypt so have entered 12 months for renewal thinking this will set the expire time, but I gather this is wrong and need to change it for all SSLs. Thanks

I have found it, just go back into the Manage SSL settings for Lets Encrypt where you installed it and can change there.

It would be good to be able to see a list of all domains using LetsEncrypt as I cant remember which ones I setup with 12 months now.

Nice idea, however we don't have a way of doing this easily in the current UI or API.

You can use the Virtualmin command-line API to turn on automatic renewal for multiple domains, with a command like :

virtualmin modify-web --all-domains --letsencrypt-renew 2

How to manually renew a certificate ?

You can see a list of all options by running the command "virtualmin modify-web". The option "--no-letsencrypt-renew" should do what you want there.