Disable automatic renewal of Lets encrypt

Discussion in 'Server Operation' started by Shyciii, Apr 22, 2024.

  1. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    yeah don't worry no need to. I was stoopid, they all refer to ( obviously ) the fastcgi start files for php fpm, so uhm keeps me wondering what could have removed the chattr

    edit: ahhh
    public function set_immutable ...
    if($enable === false && $recursive === true && is_dir($path)) {
    // only allow when removing immutable
    $this->exec_safe('chattr -R -i ?', $path);

    still, from where though
    I'd add some debug, better notice logging to that function or ist run with no logger and echo gets forwarded to ispconfig log @till ?

    or does acme also respect chattr?
    Last edited: Apr 22, 2024
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    I assume it is not ISPconfig but acme.sh indeed.
    And as you are unsure wether the cert-configuration has been fixed/updated/removed with your previous action ( do you have a backup of /etc, snapshot anything to check? if not, why not ^^ ) and the configuration does not list a cert for the domain... maybe we really have to wait
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Let's Encrypt client would overwrite the certificate every 60 days. The certificate lifetime is 90 days, and client
    renews it when less than 30 days are left. The certificate expires after 90 days, so maybe somebody noticed and renewed it manually?

    You do not say what certificate this is.
    If it is for a website, is Let's Encrypt ticked in the Website Settings?
    If certificate is for the hostname -f of the server, it is created at installation or by ispconfig_update.sh when choosing create new certificate.
    If the directory /etc/letsencrypt exists, it seems cerbot is installed or was installed in the past. Do you know if this is the case? What shows
    apt policy certbot
    If you follow instructions from https://forum.howtoforge.com/threads/please-read-before-posting.58408/
    the generated report has at the very end info on what Let's Encrypt client is installed.

    I do not understand what you mean there. Are you using letsencrypt for something on that host? Why strangely?

    You may have both acme.sh and certbot installed (which would be bad, likely messing the certificates). Since acme did not list the certificate, try if certbot has it:
    cerbot certificates
    If a certificate was created with Let's Encypt client, it is renewed until the certificate is deleted or removed from the client. The client has command for doing the deleting or removing.
    ahrasis likes this.

Share This Page