Hi!
I set up Let’s Encrypt some months ago and I just received the following mail:
Hello,
Your certificate (or certificates) for the names listed below will expire in 9 days (on 25 Oct 16 13:21 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.
[…]
Is it OK? Have I something to do?
Thanks
I’m assuming that you’re using the Let’s Encrypt template. If so, can you check your cron job by running the following commands?
./launcher enter app
cat /var/spool/cron/crontabs/root
You should see a cronjob for Let’s Encrypt cert renewal. Try running the commands there.
Hi,
Here is what I get:
# cat /var/spool/cron/crontabs/root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Fri Jul 29 20:52:11 2016)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
It should be executed automaticaly, doesn’t it?
Here is the result when I execute it:
root@forum-app:/var/www/discourse# /shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt
bash: /shared/letsencrypt/acme.sh --cron --home /shared/letsencrypt: No such file or directoryI have a certificate expiry due tomorrow (17-10-2016).
When is the renewal actually happening? What triggers it?
What does ls /shared/letsencrypt give you?
This is what I get when I execute the command in cron
root@cockpit-app:/var/spool/cron/crontabs# "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt"
[Mon Oct 17 02:49:08 UTC 2016] Renew: 'myawesomedomain.com'
[Mon Oct 17 02:49:08 UTC 2016] Skip, Next renewal time is: Sat Nov 26 06:34:27 UTC 2016
[Mon Oct 17 02:49:08 UTC 2016] Add '--force' to force to renew.
[Mon Oct 17 02:49:08 UTC 2016] Skipped myawesomedomain.com
The cron script handles renewal and it checks daily to see if the cert needs to be renewed.
Yes, I get that - but when does this exactly happen?
The renew script should run daily and generate a new cert when it’s 30 days from expireing. If your cert is to expire today or has already expired, what I would do is
./launcher rebuild appI did a rebuild on October 16th, and just checked my .cer files and noticed that they where dated at 16-10-2016. The the certs were most likely renewed by the rebuild, but the cron job did not perform.
I am again 9 days into the expiration of the certificate (different site), and the .cer files time stamp is from October.
So apparently the auto-renewal is not working?
Are you saying that the cert expired 9 days ago, or 9 days from now. If it’s the former, you should do a rebuild. If it’s the latter, wait a couple more days, it’ll probably work.
Holy crap! Time-stamps updated over night, now showing today (13th). This is the first time I witness the auto-renewal to actually work. Awesome!
And I was about to expire in 9 days.
I am also facing the same issue, please let me know the solution.This is what I am getting
Should I wait for feb 1 or should I go ahead and force the renewal
I’d wait a few days and on or about January 30 do a ./launcher rebuild app, but you probably won’t need to.
@Neilpang do you know how any days before expiry does acme.sh renews the cert? LE sends the first renewal notice 20 days before the expiry so we probably want to renew via the form job before that?
Hi @tgxworld
We used to renew the cert for every 80 days. but later we changed to renew the cert every 59 days.
Since the Letsencrypt changes to notify the expiry evey 60 days.
So, from this renewal, your cert will be renewed every 59 days, just one day before the expriy email.
Don’t worry.
Above, I suggested that not worrying is good advice.
But people who want not to get scary emails need to rebuild, right?
If they installed letsencrypt before the LE update and haven’t upgraded it are on the 80 day schedule, right? And since lets encrypt isn’t handled by docker_manager, the only way to get that upgrade is to do a rebuild, right?