Virtualmin trying to renew Let's Encrypt cert too early

Submitted by bobemoe on Fri, 10/04/2019 - 08:28

I posted originally here but I think it may have been the wrong place https://www.virtualmin.com/node/67264

The problem is that virtualmin is trying to renew a lets encrypt cert but is getting the error: "You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry."

I think the cause may be that I used certbot to renew some certs outside of virtualmin.

I think the problem may be that virtualmin stores the expiry date somewhere rather than checking the actual cert, and this has become out of sync.

Any ideas if/where these dates are stored and how I can get them back in sync?

Cheers :)

Status: 
Fixed (pending)

Comments

Submitted by scotwnw on Fri, 10/04/2019 - 14:00 Pro Licensee

I ran into this also. Looks like virtualmin looks at certs in the home/domain folder but when certbot runs it sees the left over cert in /etc/letsencrypt/something. The 3 cert file dates dont all correspond either. Like a partial renew may have happened previously? The error is from certbot seeing the cert in the letsencrypt folder. Why all of a sudden virtulmin isn't deleting those or why it started needed to be deleted. Not sure.

Submitted by JamieCameron on Sat, 10/05/2019 - 11:04

The next release of Webmin will fix this by forcing an renewal, even if it's not close to expiry.

Submitted by bobemoe on Sun, 10/06/2019 - 05:39

Thanks for the info, and awesome news of the fix! :) When will the next release be out? I'm wondering whether to clean up manually or wait so we can confirm the fix has sorted it?

Submitted by bobemoe on Mon, 10/07/2019 - 03:55

Thanks. Curious, the patch failed as I didn't have --keep-until-expiring so I just added --force-renewal manually.

Submitted by bobemoe on Mon, 10/07/2019 - 04:45

It fixed it, the renewals are completing now :) thanks