Is there a way to force a renewal upon the certificates prior to 14 days before their expiration date?


#1

I could run the following script to do this before:

./mailinabox/management/ssl_certificates.py -v

But after MiaB switched to certbot instead, I haven’t found a way to achieve it so far.

Ideas? :thinking:


#2

Yes! I don’t know why @JoshData needed to set up the renewal call at the 14-day level when ‘Let’s Encrypt’ allows up to 30 days (29 days to be sure, considering the gap because of the UTC time required). Sometimes 14 days might not be enough time to debug it if errors/issues happen. Perhaps @JoshData could extend the mentioned period up/close to the official renewal time that Let’s Encrypt gives by default.

[IMPORTANT] Create a snapshot of your BOX server before proceeding:

  • If you really can’t wait and you just need the certificate for your main/default box.yourdomain.tld, you can force getting a new certificate by renaming the folder /home/user-data to /home/user-data_OLD and running mailinabox through ssh afterwards, or perhaps, as you said before, ./mailinabox/management/ssl_certificates.py -v could be enough (since the folder and its content no longer exist because it has been renamed, the last command should recreate the renamed folder, all its content and the new certificate). When you are sure it worked well, don’t forget to delete the old /home/user-data_OLD folder.

#3

Thanks for your great hint. I made it by:

  1. SSH to the box;
  2. cd /home/user-data/ssl
  3. Remove everything with rm -rf … except for file dh2048.pem and folder lets_encrypt (you shall not get blamed for keeping the folder lets_encrypt-old as I know you go with old-school fashion);
  4. curl -s https://mailinabox.email/setup.sh | sudo bash
  5. Do as you did for an out-of-box box (not a typo) by visiting the box with its IP, provisioning the certificates from scratch, and then revisiting it with its major domain (the one, which now obtains its certificate, you specify as the answer to the first interactive question given during MiaB installation).

In a nutshell: Remove all the existing certificates and reinstall (or, in other words, upgrade) the system.

Hope @JoshData can provide us with a better tool as certbot actually allows us to force the renewal upon the certificates up to 5 times a week.


#4

Had a mistake here: The folder you need to rename is /home/user-data/ssl to /home/user-data/ssl_OLD

Sorry for that!


#5

I was smart enough to detect that error and saved myself from some really bad things happening. :yum:
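
A reversible form of step 3 in post #3, as an added example that is not part of the thread or of Mail-in-a-Box itself: instead of deleting with rm -rf, it moves everything except dh2048.pem and lets_encrypt into a backup folder such as the ssl_OLD named in post #4. The function name stash_ssl_certs is hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): reversible form of step 3 in post #3.
# Everything in the ssl directory except dh2048.pem and lets_encrypt is moved
# to a backup directory instead of being deleted with rm -rf.

# stash_ssl_certs SSL_DIR BACKUP_DIR   (hypothetical helper name)
# Prints the number of entries moved; returns non-zero on any error.
stash_ssl_certs() {
    local ssl_dir backup_dir entry name moved
    ssl_dir=${1%/}; backup_dir=${2%/}; moved=0
    [ -d "$ssl_dir" ] || { echo "no such directory: $ssl_dir" >&2; return 1; }
    # A missing dh2048.pem suggests this is not the directory we think it is.
    [ -f "$ssl_dir/dh2048.pem" ] || { echo "dh2048.pem not in $ssl_dir" >&2; return 1; }
    # The backup must live outside the directory being emptied.
    case "$backup_dir/" in
        "$ssl_dir"/*) echo "backup dir is inside $ssl_dir" >&2; return 1 ;;
    esac
    mkdir -p "$backup_dir" || return 1
    chmod 700 "$backup_dir" || return 1   # private keys end up here
    for entry in "$ssl_dir"/* "$ssl_dir"/.[!.]*; do
        # Skip unmatched glob patterns, but still catch dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case "$name" in
            dh2048.pem|lets_encrypt) continue ;;   # kept, as in post #3
        esac
        mv -- "$entry" "$backup_dir/" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Usage on the box (as root), with the backup name from post #4:
#   stash_ssl_certs /home/user-data/ssl /home/user-data/ssl_OLD
```

Note that lets_encrypt-old, if present, is moved to the backup folder as well, so nothing is lost until that folder is deleted.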