LetsEncrypt - SSL certificate renewal not working - Cron job abort due to missing bind variable

web4you

Please edit the /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl file and replace line 69:

by

Once done, run: perl /var/www/imscp/gui/plugins/LetsEncrypt/cron/renew.pl -dv manually. This should renew the SSL certificates that are due for renewal according the renewal policy.

web4you

Did you sorted out? I'm waiting your feedback regarding the fix to release a new version.

Thanks.

In my case, the fix doesn't work, but I have to admit, that I'm (due to lack of time) still on version 1.5.1.

[ERROR] called with 1 bind variables when 3 are needed at /var/www/imscp/gui/plugins/LetsEncrypt/cron/../../../../engine/PerlLib/iMSCP/Database/mysql.pm line 232, <$fh> line 406.

: Couldn't process Let's Encrypt renewal tasks: %s

Sorry, made a mistake. Works for me!

web4you

Please, post us the FULL output of the following command:

Quote from web4you

certs are updated. I am not shure they would be automaticaly updated today evening couse the update date stand on 2.7.2018. Maybee i had to wait one more day. Sorry.

If your SSL certificates were updated while running that command manually, that means that they would have been updated while the next renew.pl cron task run.

The cron task is run on daily basis. The problem with the Let's Encrypt notification service is that it make an assumption on the SSL certificates renewal policy. Please read https://letsencrypt.org/docs/expiration-emails/

Also it seem that their notification service don't take into consideration SSL certificates that were shrinked or extended. For instance, if you add a subject alternative name to an SSL certificate through the Let's Encrypt plugin UI, this will result to the issuance of a new SSL certificate (SSL certificates are immutable). However, you'll still receive notifications for the old SSL certificate even through a notification for that old SSL certificate become irrelevant due to the new SSL certificate issuance that you made while adding subject alternative name. That point look really strange to me and thus, I'll try to obtain a better explaination from the Let's Encrypt team about this assertion because for me, such case should be handled as a SSL certificate renewal from the notification service point of view.

Regarding the default policy for SSL certificate renewals, it is set in the plugin configuration file. Default value is set to 10 days (in seconds). You can change that value by editing the plugin configuration file and by triggering a plugin list update through the plugin management interface.

Maybe it'd be a better idea to revoke certificates before shrinking them as well, to prevent these expiration emails for certificates that are no longer in use? Not all edge cases need to be worked out, but I think that these are things that are happening more often.

https://certbot.eff.org/docs/u…ing-existing-certificates