Let's Encrypt suggests renewing after 60 days. I tend to think ISPC implemented it that way as well, but haven't checked.
ISPConfig runs letsencrypt once every night with the "-n renew" option, so the certs get renewed automatically.
In case you checked the ssl certs in the browser only, try to restart apache / nginx, then reload the web page and check again.
Here is the daily logfile. Also the letsencrypt is outdated?

Code:

2016-12-15 02:00:02,171:DEBUG:certbot.main:Root logging level set at 20
2016-12-15 02:00:02,171:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-12-15 02:00:02,171:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
2016-12-15 02:00:02,171:DEBUG:certbot.cli:Deprecation warning circumstances: /root/.local/share/letsencrypt/bin/letsencrypt / {'LANG': 'de_DE.UTF-8', 'SHELL': '/bin/sh', 'SHLVL': '3', 'PWD': '/usr/local/ispconfig/server', 'LOGNAME': 'root', 'HOME': '/root', 'PATH': '/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin', '_': '/root/.local/share/letsencrypt/bin/letsencrypt'}
2016-12-15 02:00:02,171:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-15 02:00:02,171:DEBUG:certbot.main:Arguments: ['-n']
2016-12-15 02:00:02,171:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#nginx,PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2016-12-15 02:00:02,179:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,182:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,185:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,187:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,188:WARNING:certbot.renewal:renewal config file {} is missing a required file reference
2016-12-15 02:00:02,188:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tresor.MYDOMAIN.de.conf is broken. Skipping.
2016-12-15 02:00:02,189:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 62, in _reconstitute
    full_path, configuration.RenewerConfiguration(config))
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/storage.py", line 242, in __init__
    "file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
2016-12-15 02:00:02,191:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,194:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,197:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,199:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,201:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,204:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,206:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,208:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,211:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,213:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,216:INFO:certbot.renewal:Cert not yet due for renewal
2016-12-15 02:00:02,217:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 592, in renew
    renewal.renew_all_lineages(config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 365, in renew_all_lineages
    len(renew_failures), len(parse_failures)))
Error: 0 renew failure(s), 1 parse failure(s)
/var/www/clients/client1/web19/web:/var/www/clients/client1/web19/private:/var/www/clients/client1/web19/tmp:/var/www/MYDOMAIN.de/web:/srv/www/MYDOMAIN.de/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
Code:

2016-12-15 02:00:02,188:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tresor.MYDOMAIN.de.conf is broken. Skipping.

There's a problem with your configuration file.
ah. sorry. here is the anonymized file. www.MYDOMAIN.de is equivalent to tresor.MYDOMAIN.de in the posts above. the error also occurs for www.MYDOMAIN.de

Code:

# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/www.MYDOMAIN.de/cert.pem
privkey = /etc/letsencrypt/live/www.MYDOMAIN.de/privkey.pem
chain = /etc/letsencrypt/live/www.MYDOMAIN.de/chain.pem
fullchain = /etc/letsencrypt/live/www.MYDOMAIN.de/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = cfb4016996f0673b68a1697b962b7880
authenticator = webroot
rsa_key_size = 4096
installer = None
[[webroot_map]]
www.MYDOMAIN.de = /usr/local/ispconfig/interface/acme
Code:

# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/mydomain.de/cert.pem
privkey = /etc/letsencrypt/live/mydomain.de/privkey.pem
chain = /etc/letsencrypt/live/mydomain.de/chain.pem
fullchain = /etc/letsencrypt/live/mydomain.de/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = cfb4016996f0673b68a1697b962b7880
server = https://acme-v01.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
installer = None
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
mydomain.de = /usr/local/ispconfig/interface/acme
www.mydomain.de = /usr/local/ispconfig/interface/acme

when i make ./certbot-auto renew --dry-run i get this for all domains

Code:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.de.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.de
http-01 challenge for www.mydomain.de
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
Generating key (4096 bits): /etc/letsencrypt/keys/0104_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0104_csr-certbot.pem

what does this bold error msg mean? in this directory is only one file that is called empty.dir
Hi, also it is not possible to renew the certs manually with certbot-auto -n renew --force-renew. The new files are created, but Letsencrypt counts up the files that it creates: cert1.pem, cert2.pem and so on. But in /var/www/mydomain.de/ssl the symlinks point to the first generated file in /etc/letsencrypt/archive/mydomain.de, e.g. cert1.pem, and not to the last generated cert3.pem.
In the first post with the .conf file, the server and webroot entries are missing. Maybe you can manually add them again? (Also make a backup of the current .conf file first.)
ok. forget that domain, i have deleted it. perhaps i bugged something.

1.) the certs are all renewed when i do certbot-auto -n renew --force-renew, and the file numbers then count up 1, 2, 3... in the archive folder. the symlinks from ispconfig to these new files in /var/www/mydomain.de/ssl/ are not updated to the new cert in archive. obviously it would be better for ispconfig to set the symlink to the live folder.

2.) 10 days to expiry and in the log files is

2016-12-15 02:00:02,199:INFO:certbot.renewal:Cert not yet due for renewal

is this normal behaviour?

2.) How can i reinstall letsencrypt from scratch without destroying the ispconfig installation and my websites? Obviously i must disable SSL and Letsencrypt for all websites before. But which files and directories do i have to delete to build lets encrypt and certbot from scratch? Must i delete the content of the ssl folder in var/www/mydomain.de/ssl also?
nope. they go to the archive folder. Also for new ssl sites i set up 5 minutes ago. do your symlinks in /var/www/website/ssl refer to the live folder?
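
The stale-symlink situation discussed in this thread (site links still resolving to cert1.pem in the archive folder while certbot's live folder has moved on to cert3.pem) can be detected with a small shell function. This is an added example, not ISPConfig or certbot code: the function names `stale_links` and `demo`, the link name `mydomain.de.crt` and the temporary directory tree are constructed for illustration, and `readlink -f` is assumed to be available.

```shell
# stale_links SSL_DIR LIVE_DIR   (added example; names are hypothetical)
# Prints every symlink in SSL_DIR that resolves to a numbered archive file
# other than the one LIVE_DIR currently resolves to. Returns 1 if any found.
stale_links() {
    ssl_dir=$1; live_dir=$2; found=0
    for link in "$ssl_dir"/*; do
        [ -L "$link" ] || continue
        target=$(readlink -f "$link") || continue
        base=$(basename "$target")
        case $base in            # certN.pem -> cert, and so on
            cert[0-9]*.pem)      kind=cert ;;
            privkey[0-9]*.pem)   kind=privkey ;;
            fullchain[0-9]*.pem) kind=fullchain ;;
            chain[0-9]*.pem)     kind=chain ;;
            *) continue ;;
        esac
        current=$(readlink -f "$live_dir/$kind.pem") || continue
        # Only compare files that sit in the same archive directory.
        [ "$(dirname "$target")" = "$(dirname "$current")" ] || continue
        if [ "$target" != "$current" ]; then
            printf '%s -> %s (live is %s)\n' "$link" "$base" "$(basename "$current")"
            found=1
        fi
    done
    return "$found"
}

# Constructed tree: archive holds cert1..cert3, live points at cert3 with a
# relative link, and the site's ssl directory still points at cert1.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/mydomain.de" "$root/live/mydomain.de" "$root/ssl"
    for n in 1 2 3; do : > "$root/archive/mydomain.de/cert$n.pem"; done
    ln -s ../../archive/mydomain.de/cert3.pem "$root/live/mydomain.de/cert.pem"
    ln -s "$root/archive/mydomain.de/cert1.pem" "$root/ssl/mydomain.de.crt"
    stale_links "$root/ssl" "$root/live/mydomain.de"
    status=$?
    rm -rf "$root"
    return "$status"
}

demo || echo "stale symlinks found"
```

On a real server the call would be `stale_links /var/www/mydomain.de/ssl /etc/letsencrypt/live/mydomain.de`; a link that goes through the live folder always resolves to the current file and is never reported.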