Author Topic: autorenew ssl is enabled yet my certificates will expired after 6 days  (Read 25496 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Hi
My SSL certificate was renewed automatically, now I have 6 days remaining and still, it did not auto-renewed.
I checked the Letsencrypt Manager, I found this message NOT IN USE ANYMORE, PLEASE USE c and AutoSSL
I went to the SSL Cert Manager and found nothing regarding the auto renew !!
I think I will force renew this time, but what about the next times?
how to auto renew the certificate one month before expired?
Thank in advance.

Offline
*****
uninstall LE manager an use auto ssl

auto ssl create a cron job for auto renew of ssl certs

Offline
*
sorry how to uninstall LE manager?

Offline
*
I'm using AutoSSL for my SSLs (LetsEncrypt is unistalled) but they are not auto updating and are now less than 30 days till expiring.

The cron job is there (15 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null) but it doesn't seem to have any effect. I can see the SSLs in the SSL vHost Manager & they work but if i run
Code: [Select]
acme.sh --list 
I get a blank output list
Code: [Select]
Main_Domain  KeyLength  SAN_Domains  Created  Renew
I've also tried to force renew them using
Code: [Select]
acme.sh --renew -d mydomain.com.au --force
which returns
Code: [Select]
'mydomain.com.au' is not a issued domain, skip.
I want the SSL's to auto update themselves but I'm not sure how to progress.

Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*
Hi Guys,

I have the same problem as 6sense. I can't get it to renew any certificates even with LE Manager uninstalled? I have this cron job 46 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null but nothing is happening and I have 10 days left before doom on a couple of domains :( Any help would be much appreciated because I'm stumped.

Cheers, Mark

Offline
*
Nobody is answering here

Offline
*
That's a shame. Did you get it fixed your end seco?

Offline
*
Nop !!

Offline
*
Yep I'm in the same boat. I think the AutoSSL installs the certs in a different folder than acme.sh (eg: the cron job is pointed at) is expecting it to be in.

Thus we'll need an admin to have a look and provide a fix.
Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*
Oh, is this the end of CWP? That's a shame :(

Offline
*
You can manually delete the SSL cert and re-create it via the SSL manager which is a work around for now.

Obviously it would be much better if we could have the auto renew working correctly in the near future  ;)
Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*
OK so given that my SSL certs were soon to expire and were yet to auto renew I took a look & developed a work around. It seems that the SSL's weren't set up using acme.sh which is what runs the auto renew cron job.

To fix this we need to firstly issue the certs using acme.sh & then install them into our default cert folders. They should then auto renew for us via the cron job when less than 30 days.

Instructions:
  • Make sure all your SSL's have been set up in the SSL Cert Manager and are working
  • Access your server as Root user using your preferred method
  • Run the below command whereby (/home/folder-name/public_html is your DocumentRoot & your-domain.com is your domain). I circled where you can find your DocumentRoot in red (in image below) in your SSL Cert Manager.
Code: [Select]
acme.sh  --issue  -d your-domain.com -w /home/folder-name/public_html
  • Copy the issued certs to your default cert folders using the below command
Code: [Select]
acme.sh --install-cert -d your-domain.com --cert-file /etc/pki/tls/certs/your-domain.com.cert --key-file  /etc/pki/tls/private/your-domain.com.key --fullchain-file /etc/pki/tls/certs/your-domain.com.bundle
  • Make sure the cron job is set up in Server Settings > CronTab. If it isn't you can auto create it by running the below command
Code: [Select]
acme.sh --install-cronjob
  • Test the cron job is working using the below code (You should see all of your SSL certs successfully renew to 89 days).
Code: [Select]
acme.sh --cron

    You should now have successfully set up CWP/CentOS to auto renew all your SSL's via the cron job. The below image illustrates that the cron job auto renewed them on my server at 04:51:00.



    Hoping this helps someone faced with the same issue and be nice if our admins sees and incorporates a fix in CWP  :)

    Some tips:

    - If you receive an (Accessing .well-known/acme-challenge/...) error, delete and recreate the .well-known folder ensuring it has the right permissions.
    - If you need to do more than 5 auths or issues on the same domain while you're sorting something out include (--staging) in the command to prevent getting locked out after 5 attempts (this points the request to the Let's Encrypt sandbox).

    ***Please note: This work around is good with both my servers (CWP6 & CWP7) however as SSL failures can result in complete loss of site access  I strongly advise you to have a working backup that you can simply revert back to if it's not right for you.
    Web Design, Development & Web Hosting
    https://6sense.com.au

    Offline
    *
    6Sense, you are a legend!! Thank you so much for sharing those instructions, you've helped me to squeeze out of a bit of a tight spot there :)

    Offline
    *
    Re: autorenew ssl is enabled yet my certificates will expired after 6 days
    « Reply #13 on: August 09, 2017, 10:34:45 AM »
    forced renewal of all certs can be done with this command:
    Code: [Select]
    /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --cron --force
    or single domain
    Code: [Select]
    /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d www.domain.com --force
    VPS & Dedicated server provider with included FREE Managed support for CWP.
    http://www.studio4host.com/

    *** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.