Got this Email Notice: Error Provisioning TLS Certificate

How to force auto renew via CLI command?
My Host Cert will expire on August 18.

Do you have more detail than that? Error logs?

That’s all I got from Email.
And I just verify it by looking at my certificate, and it’s not being updated/renew.

OK We need logs from the system though, you will need to use SSH and grab logs from /var/log use google if you need help with that.

Login is simple, putty is an SSH client you can use.

My question is this.
Is it possible?

On versions of MIAB < 0.28 you cannot exactly force it I don’t think.

@JoshData

Run management/ssl_certificates.py.

1 Like

Seems to work fine:

    skipped: box.domain.com:
    The domain has a valid certificate already. (The certificate expires in 15 days on 08/18/18. Certificate: 
    /home/user-data/ssl/box.domain.com-20180818-01981951.pem, private key /home/user- 
    data/ssl/ssl_private_key.pem)

I don’t recall if there’s a way to force renewal (you could take a peek at the source code of that file), but it doesn’t appear that there’s a problem. It should autorenew closer to the expiration date.

2 Likes

Certificate was successfully renewed, but still I got this Email Notice.

[box.domain.com] Error Provisioning TLS Certificate

  • Stopping Postfix Mail Transport Agent postfix
    …done.
  • Starting Postfix Mail Transport Agent postfix
    …done.
    dovecot stop/waiting
    dovecot start/running, process 29268
  • Reloading nginx configuration nginx
    …done.
    Provisioning TLS certificates for box.domain.com, domain.com, www.domain.com.
    installed: box.domain.com, domain.com, www.domain.com:
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Performing the following challenges:
    http-01 challenge for box.domain.com
    http-01 challenge for domain.com
    http-01 challenge for www.domain.com
    Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges
    Server issued certificate; certificate written to /tmp/tmp8zpvo5_z/cert
    Cert chain written to 10
    Cert chain written to 11
    IMPORTANT NOTES:
  • Congratulations! Your certificate and chain have been saved at:
    /tmp/tmp8zpvo5_z/cert_and_chain.pem
    Your cert will expire on 2018-11-01. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

updating primary certificate
mail services restarted
web updated

I just received the same headline email
[box.domain.com] Error Provisioning TLS Certificate

Yet details showed the certificate completed properly. I also note that this particular domain I added to Miab doesn’t have a website yet (like others) so perhaps this relates to an initial TLS warning status at the time the cert was requested.

Per JoshDate I’ll plan to run this again once I finish the site