LetsEncrypt - SSL certificate renewal not working - Cron job abort due to missing bind variable

  • Debian 9 latest

    I-MSCP 1.5.3

    LEtsencrypt 3.4.2


    Letsencrpyt does not renew my certificates.


    less /var/log/imscp/letsencrypt-plugin-renew.pl.log says:


    Code
    1. [Thu Jun 28 00:00:01 2018] [error] called with 1 bind variables when 2 are needed at /var/www/imscp/gui/plugins/LetsEncrypt/cron/../../../../engine/PerlLib/iMSCP/Database/mysql.pm line 232, <$fh> line 406.
    2. : Couldn't process Let's Encrypt renewal tasks: %s


    Any hints?

    I-MSCP 1.5.3 - Debian 9 Stretch

  • Nuxwin

    Added the Label to be fixed
  • Nuxwin

    Changed the title of the thread from “Renew not working” to “LetsEncrypt - SSL certificate renewal not working - Cron job abort due to missing bind variable”.
  • web4you


    Please edit the /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl file and replace line 69:


    SQL
    1. AND letsencrypt_expires <= ? UNIX_TIMESTAMP() + ?


    by


    SQL
    1. AND letsencrypt_expires <= UNIX_TIMESTAMP() + ?


    Once done, run: perl /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl -dv manually. This should renew the SSL certificates that are due for renewal according the renewal policy.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • web4you


    Did you sorted out? I'm waiting your feedback regarding the fix to release a new version.


    Thanks.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • In my case, the fix doesn't work, but I have to admit, that I'm (due to lack of time) still on version 1.5.1.


    [ERROR] called with 1 bind variables when 3 are needed at /var/www/imscp/gui/plugins/LetsEncrypt/cron/../../../../engine/PerlLib/iMSCP/Database/mysql.pm line 232, <$fh> line 406.

    : Couldn't process Let's Encrypt renewal tasks: %s

  • Nuxwin  

    The error described above is gone. Ok. But i am not shure my certs are updating automaticly becouse i get emails from expiry@letsencrypt.org with expiration warnings like

    And also in admin Panel they are not updated.

    I-MSCP 1.5.3 - Debian 9 Stretch

  • web4you


    Please, post us the FULL output of the following command:


    Code
    1. perl /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl -dv

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • Ok after running

    Code
    1. perl /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl -dv

    certs are updated. I am not shure they would be automaticaly updated today evening couse the update date stand on 2.7.2018. Maybee i had to wait one more day. Sorry.

    I-MSCP 1.5.3 - Debian 9 Stretch

  • certs are updated. I am not shure they would be automaticaly updated today evening couse the update date stand on 2.7.2018. Maybee i had to wait one more day. Sorry.

    If your SSL certificates were updated while running that command manually, that means that they would have been updated while the next renew.pl cron task run.


    The cron task is run on daily basis. The problem with the Let's Encrypt notification service is that it make an assumption on the SSL certificates renewal policy. Please read https://letsencrypt.org/docs/expiration-emails/


    Also it seem that their notification service don't take into consideration SSL certificates that were shrinked or extended. For instance, if you add a subject alternative name to an SSL certificate through the Let's Encrypt plugin UI, this will result to the issuance of a new SSL certificate (SSL certificates are immutable). However, you'll still receive notifications for the old SSL certificate even through a notification for that old SSL certificate become irrelevant due to the new SSL certificate issuance that you made while adding subject alternative name. That point look really strange to me and thus, I'll try to obtain a better explaination from the Let's Encrypt team about this assertion because for me, such case should be handled as a SSL certificate renewal from the notification service point of view.


    Regarding the default policy for SSL certificate renewals, it is set in the plugin configuration file. Default value is set to 10 days (in seconds). You can change that value by editing the plugin configuration file and by triggering a plugin list update through the plugin management interface.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif