OK so given that my SSL certs were soon to expire and were yet to auto renew I took a look & developed a work around. It seems that the SSL's weren't set up using acme.sh which is what runs the auto renew cron job.
To fix this we need to firstly issue the certs using acme.sh & then install them into our default cert folders. They should then auto renew for us via the cron job when less than 30 days.
Instructions:- Make sure all your SSL's have been set up in the SSL Cert Manager and are working
- Access your server as Root user using your preferred method
- Run the below command whereby (/home/folder-name/public_html is your DocumentRoot & your-domain.com is your domain). I circled where you can find your DocumentRoot in red (in image below) in your SSL Cert Manager.
acme.sh --issue -d your-domain.com -w /home/folder-name/public_html
- Copy the issued certs to your default cert folders using the below command
acme.sh --install-cert -d your-domain.com --cert-file /etc/pki/tls/certs/your-domain.com.cert --key-file /etc/pki/tls/private/your-domain.com.key --fullchain-file /etc/pki/tls/certs/your-domain.com.bundle
- Make sure the cron job is set up in Server Settings > CronTab. If it isn't you can auto create it by running the below command
acme.sh --install-cronjob
- Test the cron job is working using the below code (You should see all of your SSL certs successfully renew to 89 days).
acme.sh --cron
You should now have successfully set up CWP/CentOS to auto renew all your SSL's via the cron job. The below image illustrates that the cron job auto renewed them on my server at 04:51:00.
Hoping this helps someone faced with the same issue and be nice if our admins sees and incorporates a fix in CWP
Some tips: - If you receive an (Accessing .well-known/acme-challenge/...) error, delete and recreate the .well-known folder ensuring it has the right permissions.
- If you need to do more than 5 auths or issues on the same domain while you're sorting something out include (--staging) in the command to prevent getting locked out after 5 attempts (this points the request to the Let's Encrypt sandbox).
***Please note: This work around is good with both my servers (CWP6 & CWP7) however as SSL failures can result in complete loss of site access I strongly advise you to have a working backup that you can simply revert back to if it's not right for you.