Control Web Panel
WebPanel => SSL => Topic started by: seco on June 13, 2017, 08:13:33 AM
-
Hi
My SSL certificate was renewed automatically, now I have 6 days remaining and still, it did not auto-renewed.
I checked the Letsencrypt Manager, I found this message NOT IN USE ANYMORE, PLEASE USE c and AutoSSL
I went to the SSL Cert Manager and found nothing regarding the auto renew !!
I think I will force renew this time, but what about the next times?
how to auto renew the certificate one month before expired?
Thank in advance.
-
uninstall LE manager an use auto ssl
auto ssl create a cron job for auto renew of ssl certs
-
sorry how to uninstall LE manager?
-
I'm using AutoSSL for my SSLs (LetsEncrypt is unistalled) but they are not auto updating and are now less than 30 days till expiring.
The cron job is there (15 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null) but it doesn't seem to have any effect. I can see the SSLs in the SSL vHost Manager & they work but if i run
acme.sh --list
I get a blank output list
Main_Domain KeyLength SAN_Domains Created Renew
I've also tried to force renew them using
acme.sh --renew -d mydomain.com.au --force
which returns
'mydomain.com.au' is not a issued domain, skip.
I want the SSL's to auto update themselves but I'm not sure how to progress.
-
Hi Guys,
I have the same problem as 6sense. I can't get it to renew any certificates even with LE Manager uninstalled? I have this cron job 46 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null but nothing is happening and I have 10 days left before doom on a couple of domains :( Any help would be much appreciated because I'm stumped.
Cheers, Mark
-
Nobody is answering here
-
That's a shame. Did you get it fixed your end seco?
-
Nop !!
-
Yep I'm in the same boat. I think the AutoSSL installs the certs in a different folder than acme.sh (eg: the cron job is pointed at) is expecting it to be in.
Thus we'll need an admin to have a look and provide a fix.
-
Oh, is this the end of CWP? That's a shame :(
-
You can manually delete the SSL cert and re-create it via the SSL manager which is a work around for now.
Obviously it would be much better if we could have the auto renew working correctly in the near future ;)
-
OK so given that my SSL certs were soon to expire and were yet to auto renew I took a look & developed a work around. It seems that the SSL's weren't set up using acme.sh which is what runs the auto renew cron job.
To fix this we need to firstly issue the certs using acme.sh & then install them into our default cert folders. They should then auto renew for us via the cron job when less than 30 days.
Instructions:
- Make sure all your SSL's have been set up in the SSL Cert Manager and are working
- Access your server as Root user using your preferred method
- Run the below command whereby (/home/folder-name/public_html is your DocumentRoot & your-domain.com is your domain). I circled where you can find your DocumentRoot in red (in image below) in your SSL Cert Manager.
acme.sh --issue -d your-domain.com -w /home/folder-name/public_html- Copy the issued certs to your default cert folders using the below command
acme.sh --install-cert -d your-domain.com --cert-file /etc/pki/tls/certs/your-domain.com.cert --key-file /etc/pki/tls/private/your-domain.com.key --fullchain-file /etc/pki/tls/certs/your-domain.com.bundle - Make sure the cron job is set up in Server Settings > CronTab. If it isn't you can auto create it by running the below command
acme.sh --install-cronjob- Test the cron job is working using the below code (You should see all of your SSL certs successfully renew to 89 days).
acme.sh --cron
You should now have successfully set up CWP/CentOS to auto renew all your SSL's via the cron job. The below image illustrates that the cron job auto renewed them on my server at 04:51:00.
(https://6sense.com.au/wp-content/uploads/2017/07/ssl-certs.jpg)
Hoping this helps someone faced with the same issue and be nice if our admins sees and incorporates a fix in CWP :)
Some tips:
- If you receive an (Accessing .well-known/acme-challenge/...) error, delete and recreate the .well-known folder ensuring it has the right permissions.
- If you need to do more than 5 auths or issues on the same domain while you're sorting something out include (--staging) in the command to prevent getting locked out after 5 attempts (this points the request to the Let's Encrypt sandbox).
***Please note: This work around is good with both my servers (CWP6 & CWP7) however as SSL failures can result in complete loss of site access I strongly advise you to have a working backup that you can simply revert back to if it's not right for you.
-
6Sense, you are a legend!! Thank you so much for sharing those instructions, you've helped me to squeeze out of a bit of a tight spot there :)
-
forced renewal of all certs can be done with this command:
/root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --cron --force
or single domain
/root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d www.domain.com --force