Let's encrypt autorenew

  • Debian 9.2
    i-mscp 1.5.1
    Let's encrypt 3.3.0


    1. When should the certificates be updated automaticly? On last day or some days befor?


    2. My certs are not automaticly updated. Where should i go?


    I am not realy shure but i think befor the upgrade to 1.5.1 they are automaticly updated. On my update i hat not any problem. I stopped all plugins and updated/restarted.


    Manualy cert upgrade works fine.

    I-MSCP 1.5.3 - Debian 9 Stretch

  • @web4you


    They should be renewed 1 month before their expire date. If that is not your case, there is a problem somewhere.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Is there a way to debug auto renew? My certificates are also not updated automatically, as if there is a missing cronjob.
    If I set the state to "torenew" in the database, certs are renewed.


    Edit: I've found this:


    Code
    1. [DEBUG] iMSCP::Bootstrapper::boot: Booting backend....
    2. [DEBUG] iMSCP::LockFile::acquire: Acquiring exclusive lock on /var/lock/imscp.lock
    3. [DEBUG] iMSCP::EventManager::_init: Loading /etc/imscp/listeners.d/00_postfix_sendgrid.pl listener file
    4. [DEBUG] iMSCP::EventManager::_init: Loading /etc/imscp/listeners.d/10_apache2_dualstack.pl listener file
    5. [DEBUG] iMSCP::EventManager::_init: Loading /etc/imscp/listeners.d/10_named_zonetransfer.pl listener file
    6. [DEBUG] iMSCP::Service::_detectInit: Systemd init system has been detected
    7. [DEBUG] iMSCP::Execute::execute: /bin/systemctl --system is-active mysql.service <-- MySQL is not running as a local server but as an external service, it seems that the script exits here.
    8. [DEBUG] iMSCP::Provider::Service::Sysvinit::_exec: inactive
    9. [DEBUG] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp-letsencrypt-pending.lock
    10. [DEBUG] iMSCP::LockFile::release: Releasing exclusive lock on /var/lock/imscp.lock

    Edit2:
    Commenting out "iMSCP::Service->getInstance( )->isRunning( 'mysql' ) or exit;" fixes the problem temporarily.


    Edit3:
    I've created an issue for that: https://youtrack.i-mscp.net/issue/IP-1774

    Edited 2 times, last by illumi241 ().

  • Should it work to change:


    iMSCP::Service->getInstance( )->isRunning( 'mysql' ) or exit;


    to


    iMSCP::Service->getInstance( )->isRunning( 'mariadb' ) or exit;


    couse


    /bin/systemctl --system is-active mariadb.service
    active
    root@web4you-server-02:/home/juerg#


    ??

    I-MSCP 1.5.3 - Debian 9 Stretch

  • @web4you


    iMSCP::Service->getInstance( )->isRunning( 'mysql' ) or exit;


    to


    iMSCP::Service->getInstance( )->isRunning( 'mariadb' ) or exit;


    Of course yes, but only if your SQL server is local ;)


    Basically, there are two issues:

    • If you're making use of a remote SQL server, service will be always reported as inactive (no local SQL server). That bug will be addressed in the next LetsEncrypt plugin version. See https://youtrack.i-mscp.net/issue/IP-1774
    • If you're making use of MariaDB and your init system is systemd, the service could be also reported as inactive by our systemd provider because in such a case the mysql.service is an alias unit that is not automatically pre-loaded because not referenced That is a bug in systemd. See https://jira.mariadb.org/browse/MDEV-14944

    To resume


    The first issue is a bug in our letsencrypt plugin while the second is a bug in systemd that has been addressed lately by Lennart Poettering, following my report. See https://github.com/systemd/systemd/issues/7875


    For the second issue, a fix has been added in our systemd provider because of course, the fix in systemd is not made available in systemd versions currently shipped with our favorite distributions and I've no idea whether or not it will be backported by the systemd Debian package maintainer. To workaround the issue in systemd versions prior the fix, our systemd provider will now resolve the unit aliases prior acting. Thus, even if in the cron task we're querying the mysql.service, which in the case of the MariaDB server is an unit alias, our provider will query the mariadb.service unit instead, that is, the unit that define the mysql.service unit alias. This fix will be part of i-MSCP 1.6.0.


    See also: https://github.com/i-MSCP/imsc…s/Service/Systemd.pm#L295

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • <p>Hi,</p><p>I am user of this plug-in but I am not clear how to renew the certificates. Can you please give me a simple guide how I should renew them or what I should do to renew them?<br></p>

  • Hello Omi Azad,


    You can Revoke and Re-create the certificate easily via the panel! (Screenshot)


    Best regards.

    Files

    Support Infos: I-MSCP Version: 1.5.x / Distro: Debian Stretch / PHP: 7.1.27 - FPM / I-MSCP Plugins: Let´s Encrypt + PHPSwitcher (latest Versions)

  • Good evening!


    Yes, there will be created a new certificate, with new 90 days validation!


    Best regards

    Support Infos: I-MSCP Version: 1.5.x / Distro: Debian Stretch / PHP: 7.1.27 - FPM / I-MSCP Plugins: Let´s Encrypt + PHPSwitcher (latest Versions)

  • Nuxwin

    Set the Label from in progress to patched