How to force auto renew via CLI command?
My Host Cert will expire on August 18.
Do you have more detail than that? Error logs?
That’s all I got from Email.
And I just verify it by looking at my certificate, and it’s not being updated/renew.
OK We need logs from the system though, you will need to use SSH and grab logs from /var/log use google if you need help with that.
Login is simple, putty is an SSH client you can use.
My question is this.
Is it possible?
Run management/ssl_certificates.py.
1 Like
Seems to work fine:
skipped: box.domain.com:
The domain has a valid certificate already. (The certificate expires in 15 days on 08/18/18. Certificate:
/home/user-data/ssl/box.domain.com-20180818-01981951.pem, private key /home/user-
data/ssl/ssl_private_key.pem)I don’t recall if there’s a way to force renewal (you could take a peek at the source code of that file), but it doesn’t appear that there’s a problem. It should autorenew closer to the expiration date.
2 Likes
Certificate was successfully renewed, but still I got this Email Notice.
[box.domain.com] Error Provisioning TLS Certificate
- Stopping Postfix Mail Transport Agent postfix
…done.- Starting Postfix Mail Transport Agent postfix
…done.
dovecot stop/waiting
dovecot start/running, process 29268- Reloading nginx configuration nginx
…done.
Provisioning TLS certificates for box.domain.com, domain.com, www.domain.com.
installed: box.domain.com, domain.com, www.domain.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for box.domain.com
http-01 challenge for domain.com
http-01 challenge for www.domain.com
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Server issued certificate; certificate written to /tmp/tmp8zpvo5_z/cert
Cert chain written to 10
Cert chain written to 11
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/tmp/tmp8zpvo5_z/cert_and_chain.pem
Your cert will expire on 2018-11-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundationupdating primary certificate
mail services restarted
web updated
I just received the same headline email
[box.domain.com] Error Provisioning TLS Certificate
Yet details showed the certificate completed properly. I also note that this particular domain I added to Miab doesn’t have a website yet (like others) so perhaps this relates to an initial TLS warning status at the time the cert was requested.
Per JoshDate I’ll plan to run this again once I finish the site
I’ve seen this happening in every version of mailinabox. It seems in post_install_func the line system_ssl_certificate = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_certificate.pem')) is wrong.
I agree that having two os.path.join seems odd but it does not appear to have any ill effect. Whether you use one or two os.path.join, the variable always gets the same value (/home/user-data/ssl/ssl_certificate.pem). I don’t think this is the source of this error message.