Koozali.org: home of the SME Server

SSL Certificate for different VirtualHost

Offline DanB35

Re: SSL Certificate for different VirtualHost
« Reply #30 on: March 21, 2016, 11:45:49 AM »
Quote
If the certificate is still valid for more than 30 days, after checking it, letsencrypt.sh will exit and never bother the Let's Encrypt servers; so my cron job runs every third day of every month at 02h15. It should not be a busy time for the Let's Encrypt servers.

I'd still suggest running the cron job more often (like daily).  With it running once a month, there's only one chance for it to run and renew your certs, and if it encounters any problems while doing that, the next run won't be until the cert is already expired.  And depending on exactly how the dates/times interact, the renewal might not run at all before the cert expires.

Here's an example of that:  Suppose your cert expires on 2 Aug at 02:30.  When your cron job runs at 3 Jul at 02:15, the cert still has more than 30 days left (by 15 minutes), so letsencrypt.sh doesn't renew it.  Your cert expires on 2 Aug, and letsencrypt.sh doesn't run again until 3 Aug to renew it.  One day without a valid cert probably isn't a terrible thing, but there's no reason for it to happen.

As you've determined, the expiration check happens locally; it never hits the LE servers to do that.  So there's no real reason not to call letsencrypt.sh -c more often.
......
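
The timing gap described in the reply above, worked through as an added example (not part of the original posts and not letsencrypt.sh's own code). It assumes the year 2016 and models the local check as "renew when 30 days or less remain"; all function names are illustrative.

```python
from datetime import datetime, timedelta

RENEW_WINDOW = timedelta(days=30)        # threshold mentioned in the thread
EXPIRY = datetime(2016, 8, 2, 2, 30)     # constructed: cert expires 2 Aug 02:30
START = datetime(2016, 7, 1)             # constructed: simulation start

def monthly_runs(start, day, hour, minute, count):
    """Yield run times for a cron entry that fires once a month."""
    year, month, produced = start.year, start.month, 0
    while produced < count:
        run = datetime(year, month, day, hour, minute)
        if run >= start:
            yield run
            produced += 1
        month += 1
        if month > 12:
            month, year = 1, year + 1

def daily_runs(start, hour, minute, count):
    """Yield run times for a cron entry that fires every day."""
    run = start.replace(hour=hour, minute=minute, second=0, microsecond=0)
    if run < start:
        run += timedelta(days=1)
    for _ in range(count):
        yield run
        run += timedelta(days=1)

def first_renewal(expiry, runs):
    """Return (run time of the first renewal, how long the cert was expired by then)."""
    for run in runs:
        # The check is local: compare remaining lifetime with the window.
        if expiry - run <= RENEW_WINDOW:
            return run, max(timedelta(0), run - expiry)
    return None, None

if __name__ == "__main__":
    schedules = {
        "monthly (3rd, 02:15)": monthly_runs(START, 3, 2, 15, 12),
        "daily (02:15)": daily_runs(START, 2, 15, 120),
    }
    for name, runs in schedules.items():
        when, lapse = first_renewal(EXPIRY, runs)
        print(f"{name}: renews at {when}, cert expired for {lapse}")
```
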

Offline michelandre

Re: SSL Certificate for different VirtualHost
« Reply #31 on: March 21, 2016, 04:20:20 PM »
Hi all,

DanB35, thank you very much for pointing out this fact.

In the situation you mentioned, on July 3rd at 02h30 the certificate will still be valid for 30 days. At 02h15 it will be valid for more than 30. If the program which calculates the number of days doesn't round or cut the result, then it will be 30.xxx, which is longer than 30, and renewal won't take place. This really demonstrates a programming "side effect".

I will do as you suggested and run the cron job daily.

Thank you again,

Michel-André

Offline DanB35

Re: SSL Certificate for different VirtualHost
« Reply #32 on: March 21, 2016, 04:25:59 PM »
Since you've taken the time to write it up in French, would you mind adding it to the wiki?
......

Offline Stefano

Re: SSL Certificate for different VirtualHost
« Reply #33 on: March 21, 2016, 04:46:14 PM »
Michel-André,

Your documentation work is appreciated, but we all prefer you to collaborate in the wiki.

Thank you

Offline davidS

Re: SSL Certificate for different VirtualHost
« Reply #34 on: March 28, 2016, 06:39:48 PM »
Quote
Hi all,

Finally, I finished testing letsencrypt.sh.  :-D

- Test certificate - single/multiple domains: get certificate, renew, force renew, revoke, and automatic renew if necessary with a cron job
- Official certificate: same procedures.

If the certificate is still valid for more than 30 days, after checking it, letsencrypt.sh will exit and never bother the Let's Encrypt servers; so my cron job runs every third day of every month at 02h15. It should not be a busy time for the Let's Encrypt servers.

I wrote French documentation of my tests:
PDF: https://www.micronator.org/PDF/SME/RF-232_SME-9.1_LetsEncrypt/RF-232_SME-9.1_LetsEncrypt.sh.pdf
SHA-1: https://www.micronator.org/PDF/SME/RF-232_SME-9.1_LetsEncrypt/RF-232_SME-9.1_LetsEncrypt.sh_SHA-1.txt

Thank you all, without your help I would not have finished those tests,

Michel-André

Hello everyone,
It is a great job that you have done. :-)
Is there anyone who could translate it to English so I can enjoy this wonderful work too, please?
Thank you

Offline DanB35

Re: SSL Certificate for different VirtualHost
« Reply #35 on: March 28, 2016, 06:55:38 PM »
There's a pretty thorough English write-up at https://wiki.contribs.org/Letsencrypt. I recommend the letsencrypt.sh method.

[Edited by pfloor to correct link]
« Last Edit: March 28, 2016, 09:05:48 PM by pfloor »
......

Offline michelandre

Re: SSL Certificate for different VirtualHost
« Reply #36 on: May 13, 2016, 12:56:45 AM »
Hi all,

Quote
DanB35: Since you've taken the time to write it up in French, would you mind adding it to the wiki?

Quote
Stefano: your documentation work is appreciated, but we all prefer you to collaborate in the wiki.

I finally updated my documentation on MediaWiki and created a virtual machine to test it. I exported the original Let's Encrypt LibreOffice .odt file to mediawiki format and copied it into a wiki page. I cut all the references to images and the long test mode explanations. I finally learned how to write a wiki page.

My Let's Encrypt howto page in mediawiki text is now at: https://www.micronator.org/PDF/SME/RF-232_SME-9.1_LetsEncrypt/LetsEncrypt_MINIMUM_MediaWiki_2016-05-12_18h17.txt.

The full PDF is at: https://www.micronator.org/PDF/SME/RF-232_SME-9.1_LetsEncrypt/RF-232_SME-9.1_LetsEncrypt.sh.pdf.

If someone can test it and put it somewhere, it will be appreciated,

Michel-André

guest22

Re: SSL Certificate for different VirtualHost
« Reply #37 on: May 13, 2016, 12:34:54 PM »
Deleted.