Lets Encrypt Renewal

From what I can tell you use a webmin scheduled function for letsencrypt renewals. However the cromn is set to every 3 months not daily to check the cert. That's bad if your renewal does not match the cron times.

Second you store letsencrypt_renewal in the domain data, but i dont see this referenced or used anywhere for renewal logic. I just had a case where a bunch of certs never renewed but the renewal; was set to 1 month.

How does the renewal function work in virtualmin as it seems to not work.

Status: 
Closed (fixed)

Comments

Howdy -- when creating the Let's Encrypt cert, it asks when it should run the renewal, it doesn't actually check on it's own.

Jamie, I'm not sure that what pcfreak30 is discussing wouldn't be a better option though...

Rather than asking the user when to renew a Let's Encrypt cert -- in general, this is always going to be "whenever it's about to expire". So what if Virtualmin/Webmin just checks on it's own and makes a decision on when to renew Let's Encrypt based on the expiration date?

So the check is done every day - and once the cert passes the 3 month window (or whatever you set), it will get renewed. I suppose a better option would be to check the cert itself for expiry and renew when it's within a few days ... although that is slightly more complex, as the expiry date is set by the Let's Encrypt service.

No you just parse the cert and check the date of it.. That's what vestacp does. Issue is i just had this setup on two boxes, one had like at least 50 sites. none renewed on either. I can not find where this daily renew function is. The webmin scheduled function seems to be set every 3 months and uses a $config key i can't find in ui, and virtualmin doesn't save to it that I can see. I need to be able to rely on the renew and this caused downtime due to broken ssl's.

The next release will fix this by checking the actual expiry date on the cert.

Implemented for inclusion in the 5.06 release.

Status: Active » Fixed
Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.