Author Topic: LetsEncrypt cron job failing  (Read 3063 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
LetsEncrypt cron job failing
« on: May 14, 2022, 12:15:13 AM »
Just recently, the LE Certs update cron job has started to fail renewals - manual LE renewal via the WebPanel works just fine.

The error being:
config file is empty, can not read CA_EAB_KEY_ID
config file is empty, can not read CA_EAB_HMAC_KEY
config file is empty, can not read CA_EMAIL
No EAB credentials found for ZeroSSL, let's get one


It appears to be using the correct CA:  Using CA: https://acme.zerossl.com/v2/DV90
and the email is already registered via acme.sh --register-account -m <email>

As mentioned, the manual update (Renew Now) via the ssl_certificate module works correctly, it is the acme.sh --cron --home "/root/.acme.sh/cwp_certs" which fails.

Thanks, Klaus


Offline
*
Re: LetsEncrypt cron job failing
« Reply #1 on: June 03, 2022, 03:29:23 PM »
I have a couple of servers that are not auto-renewing.
Don't see these errors in the log.
Anyone else seeing this?
Is there a known fix?

-Dave

Offline
*
Re: LetsEncrypt cron job failing
« Reply #2 on: June 06, 2022, 07:15:11 AM »
Had same issue. Believe it's caused by acme.sh now defaulting to ZeroSSL instead of LetsEncrypt. Tried registering acme.sh ZeroSSL email, but still wasn't renewing.

Tried changing acme.sh back to letsencrypt (didn't help either. with expired domains at least, might help with future renewals):
Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca  --server  letsencrypt
Had to go into the config file (/root/.acme.sh/cwp_certs) for each domain that was failing and change
Code: [Select]
Le_API='https://acme.zerossl.com/v2/DV90'to
Code: [Select]
Le_API='https://acme-v02.api.letsencrypt.org/directory'
then run the cron again
Code: [Select]
/root/.acme.sh/acme.sh --cron --home /root/.acme.sh/cwp_certs --renew-hook "systemctl reload postfix dovecot"
it now works! :)

Not sure if I should look into trying to get ZeroSSL working. But LetsEncrypt seems to be working fine...
« Last Edit: June 06, 2022, 07:17:19 AM by emerysteele »

Offline
*
Re: LetsEncrypt cron job failing
« Reply #3 on: June 06, 2022, 07:41:39 AM »
This morning I had the same issue. My site cert was expired. I make renewals manually without any issues with it. Hovbewer, For some reason there weren't Services installed on the list although I know I  install them at the beginning.
Now when I install Services mail and webmail, I see a double entry. I can't remove them and that bothers me.

I don't understand this message and I appreciate any help.
Thanks