Koozali.org: home of the SME Server

Renewing letsencrypt certificate

Offline ReetP

  • *
  • 3,869
  • +5/-0
Re: Renewing letsencrypt certificate
« Reply #15 on: October 14, 2021, 09:15:37 AM »
The fundamental issue is a lack of understanding of what you are trying to achieve.

Renewing certificates != upgrading rpms

Classic http://xyproblem.info/

So you hadn't kept up with progress (if you want to administer a server you need to keep abreast of changes... This was discussed here before long ago) and your certs failed to update, so rather than understand the issue which was change to API 2 and re-generate your certs with 'dehydrated -c -x' (you should really enable test mode first to check) which would take about 2 minutes, you decided to remove the whole thing.

No, cert date periods are not decided by us so we can't change that. Again, go read why.  (If you really want longer periods you'll probably need to buy a certificate).

But a cronjob has taken the pain of renewal away and has been renewing them automagically since you first installed. So it is a non issue.

It just couldn't any more due to the API change.

Next time read thoroughly before attempting a solution, and if you are not sure then ask before trying.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline sages

  • *
  • 184
  • +0/-0
    • http://www.sages.com.au
Re: Renewing letsencrypt certificate
« Reply #16 on: October 14, 2021, 09:20:03 AM »
I think we are having a major communications failure here  :sad:
Read all of what I have posted in the last post.
I even gave you a link to where to start following the wiki.
ok, I didn't explicitely state not to follow the entire wiki.

got to here:

follow the wiki from here
https://wiki.koozali.org/Letsencrypt#V2_API  scroll down to -> "For creating a new certificate or updating a V2 set to 2"
DO NOT ENABLE V1 API ONLY V2 API


Then follow the enable test mode and the test should now work. If not, stop and report back.
If the test works ok, then continue to follow the wiki to enable production mode.

DO NOT TRY AND REINSTALL THE CONTRIB
...

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #17 on: October 14, 2021, 09:34:20 AM »
Yeah its me...... I'm exhausted been a long day.

It worked here is what it said

 config setprop letsencrypt API 2
[root@www ~]# signal-event console-save
[root@www ~]# config show letsencrypt
letsencrypt=service
    ACCEPT_TERMS=yes
    API=2
    configure=none
    email=admin@domain1.com
    hookScript=disabled
    keysize=NUMBER
    signal-event=console-save
    status=test
[root@www ~]# letsencrypt=service
[root@www ~]#    ACCEPT_TERMS=yes
[root@www ~]#    API=2
[root@www ~]#    configure=none
[root@www ~]#    email=####@#####.###
[root@www ~]#    hookScript=disabled
[root@www ~]#    status=enabled
[root@www ~]# config setprop letsencrypt status test
[root@www ~]# signal-event console-save
[root@www ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Processing xxxx.com with alternative names: mail.xxxx.com www.xxxx.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Oct 14 01:57:52 2021 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 3 authorizations URLs from the CA
 + Handling authorization for xxxx.com
 + Handling authorization for mail.xxxx.com
 + Handling authorization for www.xxxx.com
 + 3 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for xxxx.com authorization...
 + Challenge is valid!
 + Responding to challenge for mail.xxxx.com authorization...
 + Challenge is valid!
 + Responding to challenge for www.xxxx.com authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
Set up modSSL db keys
Signal events
All complete
 + Done!

Is there something else I need to do because it still says it's expired in a browser?

Thanks

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Re: Renewing letsencrypt certificate
« Reply #18 on: October 14, 2021, 09:41:45 AM »
all good..been there effed that :-)

That warm all over glow when you push the button and the bastard does what it is supposed to do..

have fun, life is to short
--
qui scribit bis legit

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #19 on: October 14, 2021, 09:50:14 AM »
hahaha  :) Yes its nice I was ready to trash the server and start over....

I agree life is too short.. I'm trying! :)


Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #20 on: October 14, 2021, 10:33:36 AM »
Before you remind I'm an Idiot again. I got it.... Thanks for Helping me sorry being a pain in the rear......

Offline ReetP

  • *
  • 3,869
  • +5/-0
Re: Renewing letsencrypt certificate
« Reply #21 on: October 14, 2021, 10:35:11 AM »
Quote
Because it still says it's expired in a browser

Have you read the test of the wiki where it says:

"Enable Production Mode"

Because from your comment above you are still in test mode.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #22 on: October 14, 2021, 10:42:47 AM »
I did I'm sorry It works now I saved this discussion so I don't have to ask again in January being the administrator for this server is one of the many things I do. I knew it was expiring didn't have time to deal with it till now......

I'm Sorry for bothering you guys......

Offline sages

  • *
  • 184
  • +0/-0
    • http://www.sages.com.au
Re: Renewing letsencrypt certificate
« Reply #23 on: October 14, 2021, 10:49:31 AM »
You don't have to renew it next year, it checks automatically once a week and if less than 30 days are left to expiry it auto renews it.
YOU DON'T HAVE TO TOUCH ANYTHING.
LEAVE YOUR HANDS IN YOUR POCKETS.  :D

Admin or whoever the email is configured to in the config

config show letsencrypt
letsencrypt=service
    ACCEPT_TERMS=yes
    API=2
    configure=none
    email=admin@domain1.com
    hookScript=disabled
    keysize=NUMBER
    signal-event=console-save
    status=test

should get an email every week (friday I think) saying it has either checked the certificate is still valid or that it has renewed it for you.

If the email configured above isn't your email address (or the server admin's email address) change it so that it is. correct. If you don't know how then please ask how to change it.
...

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #24 on: October 14, 2021, 12:17:56 PM »
Oh okay good to know. Thank you for the help I appreciate it!!! Sorry for being slow at getting what you were telling me.

Offline sages

  • *
  • 184
  • +0/-0
    • http://www.sages.com.au
Re: Renewing letsencrypt certificate
« Reply #25 on: October 15, 2021, 03:34:44 AM »
Did you configure the email address and did you get an auto email this morning (depending upon your timezone) reporting that an update to your letsencrypt certificate was attempted?
If not sort out the email address and see what happens next friday. Not much point having an automated process that you don't avail yourself of a status update. Better to sort it now than wait for a surprise in 3 months time.
...

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #26 on: October 16, 2021, 06:23:57 AM »
Yeah good point.. I forgot about it sadly... To much going on here in my neck of the woods....... No it appears I did not get an email saying an attempt was made to upgrade lets encrypt. I have it programmed for admin@domain1.com its where I got the message that it was expiring.

Do I just run this code to check to make sure its programmed correctly??

config show letsencrypt
letsencrypt=service
    ACCEPT_TERMS=yes
    API=2
    configure=none
    email=admin@domain1.com
    hookScript=disabled
    keysize=NUMBER
    signal-event=console-save
    status=test

Thanks

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #27 on: October 16, 2021, 06:29:33 AM »
Nevermind!!! it came! Yaaa!

# INFO: Using main config file /etc/dehydrated/config
Processing xxxx.com with alternative names: mail.xxxx.com www.xxxx.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jan 12 07:28:37 2022 GMT (Longer than 30 days). Skipping renew!

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Re: Renewing letsencrypt certificate
« Reply #28 on: October 16, 2021, 06:32:00 AM »
just needs patience :-)
--
qui scribit bis legit

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Renewing letsencrypt certificate
« Reply #29 on: October 16, 2021, 08:54:11 AM »
Yes Good Point!