Check renew configuration

khl3o · May 18, 2018, 2:49pm

Hi,

I created my certificat with a

./letsencrypt-auto certonly --manual --email contact@domain.com --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns -d *.domain.com

My certificate works fine.

In the script output I have

To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"

When I try to execute it I have

/etc/letsencrypt/live/domain.com/fullchain.pem expires on 2018-08-16 (skipped)

Ok, it’s legit but I would like to check now that all will good on time.

Is a way to check the configuration now ?

Thx

schoen · May 18, 2018, 5:12pm

The --dry-run option exists mainly for this purpose. It will attempt renewal early and use the staging server instead of the production server.

If you want to force the renewal to happen earlier, you can change the renewal period in /etc/letsencrypt/renewal/domain.com.conf (the built-in default is 30 days before expiry, which is in a commented-out setting which you can change to whatever you want, although if you permanently set it higher than 83 days you’re likely to run into problems with Let’s Encrypt rate limits).

You can also perform a single renewal with the option --force-renewal. Running certbot renew --force-renewal will renew all installed certificates using the same methods that certbot renew would have used when it decided that it was time to renew. If you have multiple certificates related to the same domain, or if you run several forced renewals in a row, you’ll eventually be stopped by rate limits. But just one for a single certificate shouldn’t cause any problems.

I used certbot in my descriptions of commands, but this is referring to the same software as letsencrypt-auto, which is the old name for certbot-auto.

rg305 · May 18, 2018, 8:43pm

Please show the script command.

khl3o · May 21, 2018, 10:41am

This is the ./letsencrypt-auto call in my original post

khl3o · May 21, 2018, 10:47am

Thanks a lot for the answer

My goal is to execute a command from Ansible to renew the certificate. So I would like to renew it whith a single command line.

I updated the /etc/letsencrypt/renewal/domain.com.conf file.

./letsencrypt-auto renew --force-renewal --standalone --preferred-challenges dns

But I have the following error:

Attempting to renew cert produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.

Is a way to renew the server certificates from a single command line ?

Thx

_az · May 21, 2018, 10:53am

Standalone mode only supports the HTTP challenge (and formerly TLS-SNI, which is now disabled). It doesn’t support the DNS challenge.

You either need to use --manual with a validation hook that implements DNS updates for your domain’s DNS host or use one of the available DNS plugins online. Which one will depend on who your domain’s DNS host is.

system · June 20, 2018, 11:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with certbot-auto renew - always renewing domain Help	1	3315	June 24, 2016
Reducing the auto-renewal interval Help	7	97	December 19, 2024
Certificate Renewal Help	13	875	January 14, 2024
Problem with automatic certificate renewal Help	6	2335	February 11, 2018
How to renew Let's Encrypt certificate automatically? Help	7	1798	December 2, 2020

Check renew configuration

Related topics