Let's Encrypt not renewing certificates

Discussion in 'Server Operation' started by anark10n, Nov 25, 2022.

  1. anark10n

    anark10n Member

    Hey there
    So, I had the following errors in my /var/log/ispconfig/acme.log for all sites that I host (except the last 2 lines, those appeared only at the end of the file):
    Code:
    [Fri 25 Nov 2022 12:15:05 AM UTC] di='/root/.acme.sh/example.com/'
    [Fri 25 Nov 2022 12:15:05 AM UTC] d='example.com'
    [Fri 25 Nov 2022 12:15:05 AM UTC] _renewServer
    [Fri 25 Nov 2022 12:15:05 AM UTC] Using config home:/root/.acme.sh
    [Fri 25 Nov 2022 12:15:05 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Fri 25 Nov 2022 12:15:05 AM UTC] DOMAIN_PATH='/root/.acme.sh/example.com'
    [Fri 25 Nov 2022 12:15:05 AM UTC] Renew: 'example.com'
    [Fri 25 Nov 2022 12:15:05 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Fri 25 Nov 2022 12:15:05 AM UTC] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
    [Fri 25 Nov 2022 12:15:05 AM UTC] Using config home:/root/.acme.sh
    [Fri 25 Nov 2022 12:15:05 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Fri 25 Nov 2022 12:15:05 AM UTC] Skip, Next renewal time is: 2022-12-23T00:40:58Z
    [Fri 25 Nov 2022 12:15:05 AM UTC] Add '--force' to force to renew.
    [Fri 25 Nov 2022 12:15:05 AM UTC] Return code: 2
    [Fri 25 Nov 2022 12:15:05 AM UTC] Skipped example.com
    [Fri 25 Nov 2022 12:15:05 AM UTC] _error_level='3'
    [Fri 25 Nov 2022 12:15:05 AM UTC] _set_level='2'
    I was able to resolve it by updating ispconfig to the latest version with the update script, but would like to know what might be the cause of this if possible.
     
    Last edited: Nov 25, 2022
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The log you posted does not show any errors, it just tells you that the certificates are up to date and not due for renewal yet.
     
  3. anark10n

    anark10n Member

    Ah, i'm not familiar with let's encrypt logs. Where would i look for those kinds of error logs then?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The log itself is the right file, but the log portion you posted does not inform about an error, it just shows that acme.sh checked the files and that no renewal action was required.
     
  5. anark10n

    anark10n Member

    Then I'm kind of at a loss here, because all the sites that needed renewal look exactly like that (one of them being the site for the ispconfig control panel) :(. I'll wait and see if it happens again, and see if I can post more appropriate logs. Thanks for your time anyway.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe just the restart of the web server failed (did not happen) after renewal for whatever reason, as an ISPConfig update is not updating website SSL certs anyway, so if an ISPConfig update fixed your issue, then the problem was not the cert renewal.
     

Share This Page