LetsEncrypt Auto Renewal Failure

Discussion in 'Installation/Configuration' started by razor7, Jul 28, 2016.

  1. razor7

    razor7 Member

    Hi! Today I'm getting issues with my LetsEncrypt cert, it seems that ISPConfig failed to update cert...

    it.xxxxxxxx.com.ar uses an invalid security certificate.
    The certificate expired on 27/07/16 19:12. The current time is 28/07/16 09:16. Error code: SEC_ERROR_EXPIRED_CERTIFICATE


    Any ideas on how to solve this?

    This is the last ISPConfig cron log regarding LetsEncrypt: It seems that the job is run at 03:00 AM, it's posible to change that time and do the upgrade at 01:00PM? Because this is a test server and runs only during daytime.

    jue jul 28 09:34:02 ART 2016 Included cronjob_letsencrypt from /usr/local/ispconfig/server/lib/classes/cron.d/900-letsencrypt.inc.php -> will now run job.
    jue jul 28 09:34:02 ART 2016 Called run() for class cronjob_letsencrypt
    jue jul 28 09:34:02 ART 2016 Job has schedule: 0 3 * * *
    jue jul 28 09:34:02 ART 2016 Called onPrepare() for class cronjob_letsencrypt
    jue jul 28 09:34:02 ART 2016 Called onBeforeRun() for class cronjob_letsencrypt
    jue jul 28 09:34:02 ART 2016 Jobs next run is 2016-07-29 03:00:00
    jue jul 28 09:34:02 ART 2016 Date compare of 1469772000 and 1469709241 is -1
    jue jul 28 09:34:02 ART 2016 Called onCompleted() for class cronjob_letsencrypt
    jue jul 28 09:34:02 ART 2016 run job (cronjob_letsencrypt) done.
    jue jul 28 09:34:02 ART 2016 finished.

    Thanks!
     
    Last edited: Jul 28, 2016
  2. tom

    tom Member

    I've the same strange date resuts. And after i've created letsencrypt ssl cert with ispconfig 3.1 the apache went down. :-(
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You can run a renew command manually; and in fact you might well have to just do that in a daily cronjob if your server isn't on when the ispconfig cronjob is scheduled to run. That should be simply 'letsencrypt -n renew' or ('certbot -n renew') followed by reloading your web server.
     
    Last edited: Jul 28, 2016
  4. razor7

    razor7 Member

    Great!!!

    In my Ubuntu 16.04 server I have created a little bash script in /root folder like this

    #!/bin/bash

    /root/.local/share/letsencrypt/bin/letsencrypt -n renew
    service apache2 reload

    Then in the root crontab I have added
    @reboot /root/letsencrypt-cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/letsenrcypt-cron.log; done
    Every time the server restarts, will check for LE renewal and save log to /var/log/ispconfig/letsenrcypt-cron.log
     
    Jesse Norell likes this.

Share This Page