Virtualmin trying to renew Let's Encrypt cert too early

I posted originally here but I think it may have been the wrong place https://www.virtualmin.com/node/67264

The problem is that virtualmin is trying to renew a lets encrypt cert but is getting the error: "You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry."

I think the cause may be that I used certbot to renew some certs outside of virtualmin.

I think the problem may be that virtualmin stores the expiry date somewhere rather than checking the actual cert, and this has become out of sync.

Any ideas if/where these dates are stored and how I can get them back in sync?

Cheers :)

Status: 
Fixed (pending)

Comments

I ran into this also. Looks like virtualmin looks at certs in the home/domain folder but when certbot runs it sees the left over cert in /etc/letsencrypt/something. The 3 cert file dates dont all correspond either. Like a partial renew may have happened previously? The error is from certbot seeing the cert in the letsencrypt folder. Why all of a sudden virtulmin isn't deleting those or why it started needed to be deleted. Not sure.

The next release of Webmin will fix this by forcing an renewal, even if it's not close to expiry.

Thanks for the info, and awesome news of the fix! :) When will the next release be out? I'm wondering whether to clean up manually or wait so we can confirm the fix has sorted it?

Thanks. Curious, the patch failed as I didn't have --keep-until-expiring so I just added --force-renewal manually.

It fixed it, the renewals are completing now :) thanks