[SOLVED] TLS certificate broken, auto reinstalls at 4 am everyday

Every day at 4 am Mail-in-a-Box attempts to reinstall a certificate and it doesn’t exactly work, so I have to rerun certbot. Here's the output I get in my email:

Provisioning TLS certificates for (my domains)
error: (my domains)
(mydomain):
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

web updated

Which version of Mail-in-a-Box are you running? What is the content of the debug log you mention? Does the System Status Checks page of your Mail-in-a-Box report errors?
Perhaps this answer of Alento will help.

How exactly are you “rerunning” certbot? From the command line? With which commands? or from the TLS/SSL Certificate page in the admin area?

In either case, I am going to first recommend running sudo mailinabox which will run through everything in the installation process. From what you have indicated, Certbot was not correctly installed initially. This should solve it.

I am running it from CLI, with “sudo certbot --nginx”

When I did sudo mailinabox and tried provisioning certificates the output was the same. Is there no way to simply disable the automatic provisioning at ~3 am?

Cheers!

I also attempted fixing it with a crontab

0 4 * * * /usr/bin/certbot --nginx --quiet --domains libunity.org
0 4 * * * /usr/bin/certbot --nginx --quiet --domains box.libunity.org

However, it didn’t appear to work.

You should NEVER need to do so with MiaB. Are you not viewing the errors and realizing that it does not work? OR, did you attempt to manually install certbot?

So let’s go back to the beginning …

How exactly does it not work? Can you describe the issue please.

Why would you want this? Your goal IS to have SSL certs renewed as needed.

No, that is not going to help as MiaB does not use certbot directly as you would from the command line. Instead run ./mailinabox/management/ssl_certificates.py as the root user from its home dir (cd ~).

It DOES work when I run certbot manually. When I try to run "./mailinabox/management/ssl_certificates.py" it results in

Provisioning TLS certificates for libunity.org, autoconfig.libunity.org, autodiscover.libunity.org, mta-sts.libunity.org, www.libunity.org.
error: libunity.org, autoconfig.libunity.org, autodiscover.libunity.org, mta-sts.libunity.org, www.libunity.org:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.


I noticed

  "--non-interactive", # will fail if user hasn't registered during Mail-in-a-Box setup

I didn’t get prompted to register during setup, I think? Have I skipped over something?

The very last step in the installation process was skipped somehow. I have seen this before and no, it wasn’t something that you did or did not do specifically. This is the reason I suggested to run sudo mailinabox as that should have completed this missing step. However, you said that you did and it didn’t, so let’s go with the nuclear option.

Run this:

certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt

replacing $STORAGE_ROOT with the actual path to your data directory, which if you did not declare a $STORAGE_ROOT should be /home/user-data/. If this is indeed the case the command is:

certbot register --register-unsafely-without-email --agree-tos --config-dir /home/user-data/ssl/lets_encrypt

which should be run as root.

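An added example, not part of the original posts or of Mail-in-a-Box's own code: a shell check for the condition behind the "You should register before running non-interactively" error, namely that the config dir the nightly job uses holds no registered ACME account even when certbot's default config dir (/etc/letsencrypt) does. It assumes certbot's usual on-disk layout (accounts/<server>/directory/<id>/regr.json); the function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a certbot config dir holds a registered ACME account.
# Assumed layout: <config-dir>/accounts/<server>/directory/<account-id>/regr.json

acme_account_count() {
    # $1 = certbot config dir; prints the number of accounts found (0 if dir is missing)
    aac_dir="$1/accounts"
    [ -d "$aac_dir" ] || { echo 0; return 0; }
    find "$aac_dir" -type f -name regr.json 2>/dev/null | wc -l | tr -d ' '
}

check_noninteractive_ready() {
    # $1 = config dir used by the automated job; returns 0 only if an account exists there
    cnr_count=$(acme_account_count "$1")
    if [ "$cnr_count" -gt 0 ]; then
        echo "OK: $cnr_count ACME account(s) registered in $1"
        return 0
    fi
    echo "MISSING: no ACME account in $1; --non-interactive runs will fail until 'certbot register --config-dir $1' has been run"
    return 1
}

make_demo_layout() {
    # Constructed sample tree: the default dir has an account, the MiaB-style dir does not.
    mdl_root=$(mktemp -d)
    mdl_acct="$mdl_root/etc_letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/0123abcd"
    mkdir -p "$mdl_acct" "$mdl_root/user-data/ssl/lets_encrypt"
    echo '{}' > "$mdl_acct/regr.json"   # placeholder content, not a real registration
    echo "$mdl_root"
}

# Usage (as root, since the accounts dir is not world-readable):
#   sh check_acme_account.sh /etc/letsencrypt /home/user-data/ssl/lets_encrypt
if [ "$#" -gt 0 ]; then
    for cfg in "$@"; do
        check_noninteractive_ready "$cfg" || true
    done
fi
```

An "OK" for /etc/letsencrypt together with "MISSING" for the data-directory path matches the symptom in this thread: the manual certbot run succeeds while the scheduled provisioning fails.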

This worked! Thank you very much!!
:smiley:

