-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Renewal doesn't work #2
Comments
Thanks for reporting this. How are you running the renewal, exactly? The command you cited is pretty much a one-shot thing. It won't do renewals by itself. The debugs indicate a "--force-renewal" option... I'm guessing there's a cronjob or something going on here? |
Sorry about not specifying. The initial failure was through the normal certbot cronjobs, and also running a "certbot renew" manually. Since my certificate was expiring, I reissued it as a new cert, then attempted to reproduce the issue by forcing the renewal, since certbot won't renew if it doesn't have to otherwise. The renewal also fails in cronjobs and with a normal "certbot renew". |
What arguments were used by the cronjob and the manual "certbot renew" command? Were the required options present? I'd like to reproduce your issue ... What exactly (beyond the plugin's readme) do I need to do to reproduce your result? |
Absolutely. The cronjob isn't actually a cronjob at all; Debian is now shipping a systemd timer, which is below:
So essentially it's running
Notice there's no parameters that were passed to the plugin. Steps to reproduce, at least for me:
One way this might work would to write a custom cronjob that runs throw a full reissuance every 90 days, since that does appear to work, but doing that would be using certbot incorrectly. The certbot documentation wants you to use |
Also experiencing issues renewing. Here is some output to help out: -bash-4.2$ certbot renew Processing /etc/letsencrypt/renewal/HOST.confShould renew, less than 30 days before certificate expiry 2017-11-15 03:05:00 UTC. All renewal attempts failed. The following certs could not be renewed: |
The plugin doesn't appear to pick up the certbot-asa:asa-host option when renewing. Because this option is unspecified, the plugin throws an error on renewals.
Here's the error log on the renewal:
The certificate was installed with:
The text was updated successfully, but these errors were encountered: