Autorenewal functional yet?

Hi everyone. Love letsencrypt. I've used it 2x now to renew certificates with success. The second time, just this morning, wasn't planned as I had a cron job in place in my Namecheap cPanel which as far as I understood, was supposed to automate the process. Well...it might have but for some reason the dates of renewal are not correct. My site literally stopped working which was how I realized the cron job didn't succeed. Namecheap had been sending me alerts saying that the SSL cert's would expire today and I believed the cron job would do it's thing prior. Seeing as I set the cron up months ago, however, it is obvious there was an error somewhere. I can only assume it's my Cron settings? Can someone let me know if I've missed something obvious? I thought it was all more or less automatic.

Got 422 error when trying to upload a photo showing this

When I wen to renew the cert manually, the command I used: .acme.sh/acme.sh --issue -d theanswerbookseries.com -d www.theanswerbookseries.com -w /home/theaovzp/public_html/ --force
worked because I added --force at the end as advised as below

Got 422 error when trying to upload a photo showing this

Note that the message says the cert is not due for renewal yet. Hence my confusion as according to Namecheap, the cert expired already. Not only that but my site went offline...

Would appreciate some pointers.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.theanswerbookseries.com

I ran this command: "/home/theaovzp/.acme.sh"/acme.sh --cron --home "/home/theaovzp/.acme.sh" > /dev/null`

It produced this output:

My web server is (include version): namecheap web server

The operating system my web server runs on is (include version): According to Namecheap: All servers run CloudLinux 6.x Operating System with Apache, MySQL, PHP, Perl and more.

My hosting provider, if applicable, is: Namecheap

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):Don't know what certbot is or how to use it

Hi @Dr.John, and welcome to the LE community forum

Please don't use the force.
The picture you removed shows you that the cert doesn't need to be renewed anytime soon.
It did not advise you to use the force.
It said:

Use "X" to do "X" - not a recommendation - not advice.
If you need to renew it sooner, then use the force.
But, you don't need to renew a cert that is not expired.

What problem are you trying to solve?
[feel free to show pictures - they paint thousand(s) of words]

Thanks for the reply...Yes, according to the Terminal the cert was not expired. But according to Namecheap it was. I can only assume there must be some user error involved, but as stated, my site literally went down because of this. I got only a white screen, which I've never seen before. So I went to cPanel and saw that indeed the certificate was expired, as numerous alerts from namecheap attest.

Also here is the pic of my Namecheap Cron settings in case someone can tell me what the problem might be.

Just to be clear, I'm trying to figure out:

1. Why letsencrypt/terminal and Namecheap have different ideas about my cert expiry date
2. Why my cron job didn't work. Is it due to the date confusion? Or my settings? Just don't know what to think. Please see below.

Sorry - as a new user I can apparently only embed one image per post.

Thanks!

Namecheap cron settings

The cron job shown is used to premanently setup another cron job.
That other job should renew the cert.
That said, it ONLY renews the cert.
The web server doesn't know anything about such renewals; There is always a second step for that part.
That second step could be:

• manually inserting the new cert into some sort of panel
• reloading/restarting the web service [to pickup the updated cert files]
• running a script that handles more complicated cert uses [like with Apache Tomcat]

Since you are using cPanel, I'm confused as to why you would need to do anything outside of that panel to renew and use your cert(s).

I see where they get the Jan 14, 2024 expiration [it's the last line shown above].
But two certs have been issued since then.
Something isn't configured correctly within cPanel.
I would talk with your hosting provider about that.

Hi thanks for the reply.

To be clear, I'm not a programmer per se, just someone who has learned a thing or two over the years from working with IT guys!

Some months ago I followed a tutorial with instructions on how to:

1. Renew a cert via letsencrypt (manually) with letsencrypt
2. Set up a cron job to repeat this process automatically when cert is due for renewal

Having completed the steps I believed I wouldn't need to deal with renewing certs again and the process would all be done automatically. Not quite correct?

I take it from your comments that while the cert should renew with the cron job, I will need to copy and paste the cert and key into Namecheap to complete the process. Makes sense now.

Yet it seems to me that the threads etc I read were built around the idea that somehow the whole process was automated more or less, ie along the lines of your option number 2

'reloading/restarting the web service to pick up the updated cert files

Or

'running a script that handles more complicated cert uses [like with Apache Tomcat]'

As for your comment below:
"I'm confused as to why you would need to do anything outside of that panel to renew and use your cert(s)."

I'm not going outside cPanel as far as I know.

I appreciate your insight.

But your not using the panel to have it do the cert management either.
There should be a place in there [somewhere] that the panel itself can be put in charge of renewing the cert and reloading the web service [all by itself].

Oh I think I see what you mean. From what I've read Namecheap tries to make SSL self renewal as difficult as possible so they can sell you their SSL renewal service. Thus while it's possible to do renew through the Terminal, there doesn't seem to be a way to take this any further. Which is why I watched tutorials specifically for using letsencrypt with Namecheap and likely whey the cron job was included as a way to automatically renew the cert. The vid just omitted the fact that the user would have to copy and paste the cert manually each time it had to be renewed. Unless someone can figure out a workaround that is.

Regardless, I'm grateful for letsencrypt! Really great to see this kind of thing going on.

Sadly, that's only half of the process:

- renew cert     <<<<<<<< CRON JOB
- use [new] cert <<<<<<<< Manual JOB

Just adding extra to what rg305 said ...

It looks like you are using namecheap shared hosting. You generally have to follow what a provider of shared services offers as you don't have control of all aspects of the server.

I say this because I see your domain is handled by Litespeed which namecheap says is part of their Shared services. Does this sound like what you bought from namecheap?

I am not sure what other advice you followed but perhaps it was for people who run their own servers. That probably won't apply to shared servers as you are finding out.

Your domain response

curl -I http://theanswerbookseries.com/.well-known/acme-challenge/Test404
HTTP/1.1 301 Moved Permanently
server: LiteSpeed
location: https://theanswerbookseries.com/.well-known/acme-challenge/Test404
x-turbo-charged-by: LiteSpeed

Thanks, crystal clear now.

Yes, good point. I'm glad for the ability to renew the cert period and some people say that shared hosting makes the process a bit more complicated. Which it did, from memory. But as long as it works I'm happy in the end.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.