Letsencrypt renew issue

5 posts / 0 new
Last post
#1 Tue, 06/27/2017 - 13:32
pesja

Letsencrypt renew issue

Hello,

About 3 month's ago I activate SSL on several domains and added Let's Encrypt to them. I set the 'months between automatic renewal' to 2 months. I only associated the domain.com and www.domain.com with the server.

Now, after 2.3 months (time since last renewal) there was no automatic renewal and the button 'Only Update Renewal' seems also not working. the renewal stays at 18th july and no 2 months ahead.

I also tried # sudo certbot renew

This command return 'now renewal were attempted'

But it should, because it has about 20 days left!!

Server is Centos 7.3 with no special configuration.

What went wrong? Please help me.

Many thank's in advance!!

Sat, 07/08/2017 - 13:40
ksihota

Did you resolve your problem?
Were you receiving error emails?
I'm not positive but I believe the 'Only Update Renewal' button is for turning on and off the renewal option and does not attempt any actual renewal.

My certificate came up for renewal last night and since then I have been receiving the following error every 5 minutes (emails.)

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying mydomain.com...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 171, in get_crt
    raise ValueError("Gave up waiting for valiation")
ValueError: Gave up waiting for valiation

I disabled the automatic renewal in order to stop the email errors but have not been able to figure out why LetsEncrypt will not renew the certificate.
I have verified that the .well-known/acme-challenge/ directory is accessible to the internet and that it is writable. I have also made sure that I have shut off any redirects to https:// so Letsencrypt should not be having any problem accessing the .well-known directory.
I have tried runnng the renewal manually and get the same error.

Operating system CentOS Linux 7.3.1611
Webmin version 1.850
Usermin version 1.720
Virtualmin version 5.99
Theme version Authentic Theme 18.49-8
Firewall version ConfigServer Security & Firewall 10.14 
Sat, 07/08/2017 - 14:17
ksihota

I just noticed that the list for domains in the 'Request Certificate for' option was displaying 2 new domains (autoconfig.domain.com autodiscover.domain.com) which I hadn't noticed before.
I switched to the 'Domain names listed here' option and just entered domain.com and www.domain.com and the renewal worked as expected.
I think the autoconfig and autodiscover options were added when I added the auto configuration in the mail setup for the domain.

Sun, 07/07/2019 - 20:40
midol

I disabled the automatic renewal in order to stop the email errors but have not been able to figure out why LetsEncrypt will not renew the certificate.

How did you do that, I can't find the option.

Wed, 07/10/2019 - 00:10
ksihota

Lots of changes in 2 years. I can't even remember what I was doing then. I believe that there were 2 ways to choose domains to have certificates identified for your account. One was to leave the auto and the other was to specifically set the domains. The Auto method names that I did not need certificates for and appeared to be failing because these were not set up properly to verify the domain name. I switched to the manual method (type in the domain your want the certificate for) and only specified the basic ones I needed. it worked fine after that. Sorry but that's about all I can recall from 2 tears ago.