Hi My site installed LE SSL, but when it expired ISPconfig did not auto renew it causing my site down. I have to manually uncheck and check the LE SSL again. How to enable LE SSL auto renewal?
With ISPConfig Let's Encrypt renews ceritificates automatically. There is nothing to do to enable this. And Let's Encrypt itself renews the certificates automatically. You need to debug why LE is not working correctly on your host: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
I checked the log /var/log/letsencrypt, and see this. I am not sure if this is the cause. :certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages. Do I need to setup any cron job for LE SSL auto renew? or ISPconfig will handle it? I tried to update the certbot, but seem no need to update. yum update certbot Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * elrepo: mirror-hk.koddos.net * elrepo-kernel: mirror-hk.koddos.net * nux-dextop: mirror.li.nux.ro base | 3.6 kB 00:00:00 elrepo | 2.9 kB 00:00:00 elrepo-kernel | 2.9 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 nux-dextop | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/7): epel/x86_64/group_gz | 95 kB 00:00:00 (2/7): elrepo/primary_db | 374 kB 00:00:00 (3/7): epel/x86_64/updateinfo | 1.0 MB 00:00:00 (4/7): extras/7/x86_64/primary_db | 206 kB 00:00:00 (5/7): epel/x86_64/primary_db | 6.9 MB 00:00:00 (6/7): updates/7/x86_64/primary_db | 3.8 MB 00:00:00 (7/7): elrepo-kernel/primary_db | 1.9 MB 00:00:00 Package(s) certbot available, but not installed. No packages marked for update
You do not say what OS you are running. Follow these instructions: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ If the OS does not have newer version of certbot, uninstall the certbot you installed from the OS repositories and download certbot-auto from Let's Encrypt website. Then execute the certbot-auto script to install latest certbot.
thank you. I reinstalled, and now will need to wait to see auto renewal working or not. there is no way to test this except waiting for next expired date I think.
Read letsencrypt log to see if it checks the renewals. It should say not yet due for renewal or similar.
In Aug I reinstalled, and now about 3 months, I received email from letsencrypt that my SSL expiring in 10 days. which means auto renewal is still not working. I run commend "less letsencrypt.log" to see the latest log, and the last log date is 16 Aug 2020.
Go through the Let’s Encrypt FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
And have a look into the ispconfig database, table sys_cron, any cronjobs marked as running with an old last run date?
I forgot adding the cron job. I added below. * 3 * * 6 certbot-auto renew && systemctl restart httpd.service >> /var/log/ispconfig/cron.log; done
