SSL cert autorenew issue

4 posts / 0 new
Last post
#1 Tue, 09/24/2019 - 11:03
omega1

SSL cert autorenew issue

Hi there,

The autorenew has started to fail on my virtualmin instance, had been working fine up until now. I only found out when I visited my site. When I log in it tells me the cert has expired, if I try and renew, I get this...

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mydomain.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
** Invalid input **
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): An unexpected error occurred:
EOFError: EOF when reading a line

It looks like its expecting an input but of course it's an automated process. To be clear, the cert has definitely expired, so not sure why it says it hasn't

What command would it be trying to run so that I can input it myself and respond to the prompt accordingly?

Or ideally, what can be done to fix this permanently?

Thank you. Please see the logfiles in /var/log/letsencrypt for more details.

Tue, 09/24/2019 - 14:26
scotwnw

I just ran into that as well. Its still sees a cert even after I deleted them from /home/domain. Not sure if this is the issue but the dates on the certificate file in home/domain where not all new. Tried deleting them but same error. So...certbot is still seeing a "not out of date" cert in letsencrypt folder but for some reason not all the certificate files in /home/domain matched properly after my last auto update.

I had to run certbot command manually with delete option to remove the cert from the letsencrypt folder. Goto cmd line, certbot --help will give you hint as to how to delete. I used 'certbot delete --cert-name domain.com' and for www.domain.com as well.

Then run 'certbot certificates' to be sure all problem ones are gone.

Then have virtualmin reissue the ssl cert for the domain. Should work after removing old/confused certs.

Wed, 09/25/2019 - 09:15
scotwnw

FWIW, another of my certs came up today as expired and unable to renew with the same error as the original poster above. Manually removed it via cmd line with certbot cmd, then requested new via virtualmin and all worked. So existing ones in letsencrypt folder need to be removed manually for some reason now.

Fri, 09/27/2019 - 07:24
omega1

Hi, many thanks for your responses here, I manually deleted the certs and Virtualmin successfully renewed them.

Thank you.

Topic locked