Submitted by otis on Thu, 07/07/2016 - 13:05 Pro Licensee
I have set up letsencrypt certs on three virtual servers. In each case I failed to change the "Months between automatic renewal" setting from "Only renew manually" to some number of months.
I would like these certs to auto renew.
Is there a way to change the configuration for these certs to auto renew without requesting another cert?
What is the optimal/max number of months that can be entered in the "Months between automatic renewal" setting?
Thanks for helping.
Submitted by andreychek on Thu, 07/07/2016 - 14:49 Comment #1
Howdy -- sure, you can set that by going into Server Configuration -> Manage SSL Certificate -> Let's Encrypt, and there, set "Months between automatic renewal" to your preferred number of months.
The certificate will expire after 3 months. I personally generally choose 2 months.
Submitted by otis on Thu, 07/07/2016 - 15:07 Pro Licensee Comment #2
Won't that result in a request for and installation of another cert?
Submitted by andreychek on Thu, 07/07/2016 - 20:02 Comment #3
Hrm, looking at that again, you may be right.
If that's a problem, you could always wait until it's time to renew, and at that time, manually renew and also change the automatic renewal settings at the same time.
However, is there a problem with obtaining a new SSL cert? In most cases it wouldn't actually matter if you are issued a new one.
Submitted by otis on Thu, 07/07/2016 - 21:54 Pro Licensee Comment #4
I don't know enough about letsencrypt to know if it is a problem requesting a new certificate so soon after getting an initial one.
I see a reference in https://www.virtualmin.com/node/40998 to removing or modifying "letsencrypt_renew" lines. Would adding such lines solve my problem without doing something that involves requesting a new cert?
Submitted by JamieCameron on Fri, 07/08/2016 - 05:44 Comment #5
Note that in the next Virtualmin release, it will be possible to change the Let's Encrypt renewal period for domains that already have a cert.
Submitted by amityweb on Sat, 02/18/2017 - 02:01 Comment #6
Hi JamieCameron. Has there been a release for this since your ticket? So can we now change the settings, as I would like to. I could not find much documentation about Virtualmin LetsEncrypt so have entered 12 months for renewal thinking this will set the expire time, but I gather this is wrong and need to change it for all SSLs. Thanks
Submitted by amityweb on Sat, 02/18/2017 - 02:14 Comment #7
I have found it, just go back into the Manage SSL settings for Lets Encrypt where you installed it and can change there.
It would be good to be able to see a list of all domains using LetsEncrypt as I cant remember which ones I setup with 12 months now.
Submitted by JamieCameron on Sat, 02/18/2017 - 13:32 Comment #8
Nice idea, however we don't have a way of doing this easily in the current UI or API.
Submitted by kmedri on Thu, 03/02/2017 - 19:40 Comment #9
Would be great to think about adding the facility to bulk change the renewal period as Lets Encrypt may reduce the lifetime of their certs in the future https://letsencrypt.org/2015/11/09/why-90-days.html
Submitted by JamieCameron on Thu, 03/02/2017 - 22:19 Comment #10
You can use the Virtualmin command-line API to turn on automatic renewal for multiple domains, with a command like :
virtualmin modify-web --all-domains --letsencrypt-renew 2
Submitted by fede on Wed, 05/10/2017 - 03:02 Comment #11
How to manually renew a certificate ?
Submitted by andreychek on Wed, 05/10/2017 - 08:16 Comment #12
You can see a list of all options by running the command "virtualmin modify-web". The option "--no-letsencrypt-renew" should do what you want there.