LE not renewing automatically in Webmin
ubuntu 16.04
set to renew monthly. however it does not do so automatically. instead, i have to manually re-request the cert after every 3 month validity period. currently a few weeks overdue for automatic renewal.
There's usually some kind of error message...
the only error messages i ever see are when browsers and mail clients start flipping out over an expired cert.
So after a failure, and you are about to re-request the cert..
You go into Virtualmin->select the virtual server you want->Server Configuration->Manage SSL Certificate->Let's Encrypt
At the bottom of the page, you don't see any error message, and/or you don't receive any email telling you your renewal failed?
No renewal issues with virtualmin servers. My issue is in the webmin module. no error messages on webmin > webmin > webmin configuration > ssl encryption > le page.
Pretty much the same form. You should still have received an email with the error.
In any case, we can't help unless you show us the error message.
Go into Webmin->Webmin Actions Log. You should be able to leave most everything as default, except choose the time period of interest (ie, between Jul and Oct or something). Click Search.
You should find some entries like "letsencrypt domain example.com". Click on them. Open the "Raw log data" section and scroll to see the error. You can paste it here, but please use the code tags (see the "More info about text formats" below the reply box) so it formats into a readable thing.
When nothing showed up during the specified renewal period, i expanded the time frame out from the day the last cert was issued to today. Except for successful virtualmin cert renewals, nothing until i got as far back as Aug 31, the day the previous cert was issued.
Requested new SSL certificate from Let's Encrypt,"Webmin Configuration","user","x.x.x.x","31/Aug/2017 07:51"
Seems webmin isn't even trying to renew?
the sudden influx of support calls this morning reminded me that this issue still isn't resolved. another certificate manually requested. good for another 3 months. still nothing, other than this morning's manual request, in the webmin action log.
bump
Sorry for the lack of reply. I don't know why this is happening for you; LE renewals work on all of my systems.
Have you disabled the Virtualmin scheduled job? That's the only reason I can think of that it wouldn't run on schedule...Let's Encrypt renewals are part of that scheduled job.
--
Check out the forum guidelines!
i'm sorry, how would i check? webmin - system - scheduled cron jobs?
Virtualmin Configuration->Status Collection
There are several options in that section, but what I'd recommend is that if it is not currently disabled, turn it off and then back on again. Maybe that'll regenerate the scheduled job (which does end up in the Webmin scheduled jobs list, but there's no user-friendly way to create it aside from getting Virtualmin to do it for you).
If status collection is too heavy for your system (and it can be heavy on systems that have low memory), just reduce the frequency by a lot...like run it every hour or four or whatever. But, you really do want it running at least once a day because it does so many important house-keeping tasks.
"Interval between status collection job runs" changed from 5 mins to never, saved, rechecked config, setting changed back to 5 mins, saved, rechecked config. it should attempt to renew the cert next week. we'll see...
thx!
If the problem persists, do follow up. I'll have to talk to Jamie about what else to look at, if it does continue to fail, as I'm out of ideas. It's not something that has a lot of knobs to twiddle, so there's not really much that should be able to go wrong, but I've seen people report it at least a couple of times.
it did not renew. :(
Does anything about it appear in the /var/webmin/webmin.log or in any of the other logs in that directory? Do other scheduled tasks happen? e.g. does the dashboard tell you when you have software updates available (without having to manually refresh it)?
Also important to know.
1 domain or more / all domains on that server? For those domain(s), SUBSERVER / ALIAS / SUBDOMAIN exists in the domain list of the GUI LE cert?
Apache or NGINX.
If Apache, URL rewrites / forwarding htaccess somewhere...
If you renew manually, no errors at all in the error logs?
Somehow clean up older unused LE certs, don't know.
the only thing i see is in miniserv.error, after changing the auto renew increment and pressing update renewal:
[29/Jul/2019:15:15:55 -0500] Reloading configuration
Use of uninitialized value in string eq at ./webmin-lib.pl line 1869.
upon tracking down webmin-lib.pl, lines 1829 - 1871 read:
sub cert_info
{
    my %rv;
    local $_;
    open(OUT, "openssl x509 -in ".quotemeta($_[0])." -issuer -subject -enddate -text |");
    while(<OUT>) {
        s/\r|\n//g;
        if (/subject=.*CN\s*=\s*([^\/]+)/) {
            $rv{'cn'} = $1;
        }
        if (/subject=.*O\s*=\s*([^\/]+)/) {
            $rv{'o'} = $1;
        }
        if (/subject=.*Email\s*=\s*([^\/]+)/) {
            $rv{'email'} = $1;
        }
        if (/issuer=.*CN\s*=\s*([^\/]+)/) {
            $rv{'issuer_cn'} = $1;
        }
        if (/issuer=.*O\s*=\s*([^\/]+)/) {
            $rv{'issuer_o'} = $1;
        }
        if (/issuer=.*Email\s*=\s*([^\/]+)/) {
            $rv{'issuer_email'} = $1;
        }
        if (/notAfter\s*=\s*(.*)/) {
            $rv{'notafter'} = $1;
        }
        if (/Subject\s+Alternative\s+Name/i) {
            my $alts = <OUT>;
            $alts =~ s/^\s+//;
            foreach my $a (split(/[, ]+/, $alts)) {
                if ($a =~ /^DNS:(\S+)/) {
                    push(@{$rv{'alt'}}, $1);
                }
            }
        }
    }
    close(OUT);
    $rv{'type'} = $rv{'o'} eq $rv{'issuer_o'} ? $text{'ssl_typeself'}
                                              : $text{'ssl_typereal'};
    return \%rv;
}
is that of any help?
and yes, other scheduled stuff happens.
back over in webmin - system - scheduled cron jobs, i don't see any reference to anything about LE/certbot. what command am i looking for in the list?
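An added example, not part of the thread and not Webmin's code: a Python sketch that parses the same `openssl x509 -issuer -subject -enddate -text` output the quoted `cert_info` reads. It shows that a certificate whose subject has no O field leaves `o` unset, which is one of the two values the function's only `eq` comparison reads, and it reports days until `notAfter` so an unrenewed certificate is noticed before clients see it expire. The sample output, the function names and the certificate path passed to `read_cert` are assumptions made for illustration.

```python
import re
import subprocess
from datetime import datetime, timezone

# Constructed sample of `openssl x509 -issuer -subject -enddate -text` output
# (OpenSSL 1.0.x layout): the subject carries a CN but no O field.
SAMPLE = """\
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
subject= /CN=host.example.com
notAfter=Oct 27 12:00:00 2019 GMT
            X509v3 Subject Alternative Name:
                DNS:host.example.com, DNS:mail.example.com
"""

def dn_field(dn, key):
    """Return one RDN value from a '/'- or ','-separated DN, or None if absent."""
    m = re.search(r"(?:^|[,/])\s*" + key + r"\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else None

def parse_cert_text(text):
    """Pull out the fields cert_info reads; missing ones stay None."""
    info = {"cn": None, "o": None, "issuer_o": None, "notafter": None, "alt": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("subject="):
            dn = line[len("subject="):]
            info["cn"], info["o"] = dn_field(dn, "CN"), dn_field(dn, "O")
        elif line.startswith("issuer="):
            info["issuer_o"] = dn_field(line[len("issuer="):], "O")
        elif line.startswith("notAfter="):
            stamp = line[len("notAfter="):].replace(" GMT", "").strip()
            info["notafter"] = datetime.strptime(
                stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        elif "Subject Alternative Name" in line and i + 1 < len(lines):
            info["alt"] = re.findall(r"DNS:([^\s,]+)", lines[i + 1])
    return info

def cert_type(info):
    """Same O-vs-issuer-O comparison as cert_info, with absent values as ''."""
    return "self" if (info["o"] or "") == (info["issuer_o"] or "") else "real"

def days_left(info, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    return (info["notafter"] - now).days

def read_cert(path):
    """Run openssl on a PEM file (path supplied by the caller) and parse it."""
    out = subprocess.run(["openssl", "x509", "-in", path, "-noout", "-issuer",
                          "-subject", "-enddate", "-text"],
                         capture_output=True, text=True, check=True).stdout
    return parse_cert_text(out)
```

Run from a daily cron job, `days_left(read_cert(path), datetime.now(timezone.utc))` falling below a chosen threshold is the signal that the scheduled renewal did not happen.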
bump
Hi,
Typically when LE has problems renewing, I've found that there is at least one problematic domain on the server which halts the renewal of other domains. I would suggest checking the validity of each domain, to see if one of them is the culprit.
If you'd like to set up a private session, I can go through your server and diagnose what is going on. Send me an email if you'd like to discuss this option.
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
each name on the certificate resolves just fine. does that confirm validity?
Hi,
How many domains are being hosted?
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
there are 5 sans on the certificate in question.
Hi,
If you're on Skype, drop me a message.
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
bump
Oh, a thought just came up. This is a "just in case" mention, that I mention in case it helps.
I once had a relatively similar situation with virtualmin: impossible to renew a certificate with no error message to tell there was a problem.
That was because I did something wrong with a config file, and the system was smart enough to verify if config files were good and would have allowed Apache to properly restart once it was shut down. As the answer was "nope, root is stupid and screwed up again", Apache wasn't allowed to restart. However, that didn't generate an explanation in virtualmin, the renewal procedure seemed like it was going through, although it didn't, as an Apache restart was required to finalize and apply the changes.
I discovered the problem myself after, being paranoid and all, I tried to restart Apache by ssh, and understood. Once the problem with the config file was fixed, apache was able to restart on demand, and virtualmin properly applied the certificate renewal.
I doubt that's your problem, but, hey, who can tell!
apache restarted via ssh. certificate due to be renewed next week. we'll see.
still no joy. about to celebrate 2 years of manually renewing. :(
bump
If GPL license, you could try a paid support ticket?
Or TPNSOLUTIONs.. paid support / training
bump
Can i clarify,
Is this just the auto renew for your webmin server domain itself? (You say in title "webmin" not auto renewing)
So all your virtualmin virtual server certificates are auto renewing?
https://ajecreative.com.au
correct on both counts.
Then i am confused by your statement "a sudden influx of phone calls..." from clients?
Are you hosting clients with Webmin in addition to Virtualmin and on the same system?
I am just trying to recall if i even run a letsencrypt ssl on my webserver administrator interface...EDIT oh i have got letsencrypt running for webmin and mine is working fine.
Why are clients complaining exactly and for what service (webhosting or email?)
https://ajecreative.com.au
dovecot and other services use a san on the webmin certificate, due to lack of sni support at the time.
automatic renewal of the webmin certificate worked fine for the first year or so. then one day...
bump
just realized this topic turned two yesterday. now where are my candles...
bump
kinda spooky how long this has been outstanding. ;-)
Please read both posts here; you will see they need time for more than only LE.
And the LE script is maybe in the works at Virtualmin. https://www.virtualmin.com/comment/818437#comment-818437
https://www.virtualmin.com/node/67390
Of course you could still have another problem as the cause.
You HAVE GPL, TPNsolutions asked you to Skype him, and you can open a support ticket at Virtualmin?!
my issue predates that.
Yup, we all know. ;)
But pointing out that it makes no sense to solve your issue and not solve the other parts from the links I posted.
Meaning if they are working on a new version of the script, they will test of course, and then probably, if your issue is caused by a bug, it is also solved. Solving an issue in a for-now outdated script makes no sense!
If not a bug, but something with your situation / config, we did post some notes on where and how to get help.
Also, if you really wanted help to solve it, you could get paid support (also a long time ago) to solve your issue; even one person is offering to help you by Skype?
Even his email address is here above in the topic, from tpnsolutions.
I'm on CentOS 7.x and there are no problems! Only with that acmev1<>v2 of course now.
bump