Help understanding expiration notices

Hi. I received an expiration notice for some of my domains (I have a dozen of them and got notices for 6 or them). They are now going to expire in 5 days. The email warns me that I should renew them before they expire, but I’m not sure how to do that. I was under the impression (perhaps mistaken) that they were going to automatically renew 30 days before the expiration date. Can someone help me figure out what, if anything, I did wrong and how I can set this up so that I don’t have to do anything every 90 days and they will still renew?

(Perhaps I should have started a new thread, but this is the same topic. I followed the solution, which is how I found out that my websites will expire in 5 days. )
My websites are:
newchurchofhope.com
newchurchofhope.org
taijiquanenthusiasts.org
tjqe.org
pagodawriters.com
opfl.org
asklepiosresearch.com
asklepiosresearch.org
hpl501c3.org
hplconsortium.com
syihtq.org
worldtaichiday.org

P.S. I did read the entire email, as well as the links in the solution above, but I’m afraid that it is over my head. I don’t really understand it, and I’m not sure of how much of that is the same as my setup. If I remember correctly, I think I installed certbot which was supposed to automatically renew the certification.

Hi @cjrhoads,

I think a new thread will be easier to manage for this case since the symptom is the same as the other thread but the root cause may be different. I went ahead and split your post off so we can continue here.

The best way to get started with this is for you to share a little bit more information about your current setup. Can you answer the new Help topic template questions for the community?

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My domains are:
newchurchofhope.com
newchurchofhope.org
taijiquanenthusiasts.org
tjqe.org
pagodawriters.com
opfl.org
asklepiosresearch.com
asklepiosresearch.org
hpl501c3.org
hplconsortium.com
syihtq.org
worldtaichiday.org

I received an email telling me my domains will expire in 5 days and I don’t know what command to run.

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Linux

My hosting provider, if applicable, is:
Godaddy hosting

I cannot login to a root shell on GoDaddy’s server as I use shared hosting.

I’m using a control panel to manage my site. Cpanel

The version of my client is acme.sh VER=2.8.2
I now remembr that I couldn’t use Certbot because of the lack of sudo rights, so I switched to acme.sh
You all helped me step by step through getting all of my websites certified so that SSL was running on them, but I do not remember all the steps and didn’t fully understand all that I was doing.

I did find the acme.sh folder on my web server, and I have putty installed so I can run commands, but I really don’t remember much of what I did before.
Any help that you can give would be much appreciated.

CJ Rhoads

I remember your thread.

You are right, it should have automatically renewed. acme.sh creates a cronjob (scheduled task) automatically when you install it.

What you can do is login to SSH, and run:

acme.sh --list

and

acme.sh --cron

And see what they say. We can go from there.

This is what it said for acme.sh --list

Main_Domain                       KeyLength  SAN_Domains
asklepiosresearch.org             ""         www.asklepiosresearch.org,asklepios                                                                                                                     research.com,www.asklepiosresearch.com                    Tue Jul 23 12:24:31 UT                                                                                                                     C 2019  Sat Sep 21 12:24:31 UTC 2019
mail.worldhealingday.com          ""         whd.hplconsortium.com,worldhealingd                                                                                                                     ay.com,www.whd.hplconsortium.com,www.worldhealingday.com
newchurchofhope.org               ""         www.newchurchofhope.org,newchurchof                                                                                                                     hope.com,www.newchurchofhope.com                          Tue Jul 23 16:23:02 UT                                                                                                                     C 2019  Sat Sep 21 16:23:02 UTC 2019
opfl.org                          ""         www.opfl.org                                                                                                                                                                                                      Sat Sep 21 07:07:35 UT                                                                                                                     C 2019  Wed Nov 20 07:07:35 UTC 2019
pagodawriters.com                 ""         www.pagodawriters.com                                                                                                                                                                                             Tue Jul 23 15:56:24 UT                                                                                                                     C 2019  Sat Sep 21 15:56:24 UTC 2019
pagodawriters.org                 ""         www.pagodawriters.org
syihtq.org                        ""         no                                                                                                                                                                                                                Tue Jul 23 02:17:51 UT                                                                                                                     C 2019  Sat Sep 21 02:17:51 UTC 2019
taichipark-masterjoutsunghwa.org  ""         www.taichipark-masterjoutsunghwa.co                                                                                                                     m                                                         Sat Sep 21 07:08:03 UT                                                                                                                     C 2019  Wed Nov 20 07:08:03 UTC 2019
taijiquanenthusiasts.org          ""         www.taijiquanenthusiasts.org,tjqe.o                                                                                                                     rg,www.tjqe.org                                           Tue Jul 23 16:26:30 UT                                                                                                                     C 2019  Sat Sep 21 16:26:30 UTC 2019
whd.hplconsortium.com             ""         worldhealingday.com,www.worldhealin                                                                                                                     gday.com
worldhealingday.com               ""         www.worldhealingday.com

(scroll over to the right to see the dates associated with the domains)

Then the acme.sh --cron responded with:
[Wed Oct 16 16:20:26 MST 2019] ===Starting cron===
[Wed Oct 16 16:20:26 MST 2019] Renew: ‘asklepiosresearch.org
[Wed Oct 16 16:20:27 MST 2019] Multi domain=‘DNS:asklepiosresearch.org,DNS:www.asklepiosresearch.org,DNS:asklepiosresearch.com,DNS:www.asklepiosresearch.com’
[Wed Oct 16 16:20:27 MST 2019] Getting domain auth token for each domain

I should note that at this point, I had to press Ctrl-C to get it to stop, because it never returned to the putty prompt.

Any help you can give would be most appreciated. I know that cron jobs are automated tasks, but I don’t have a clue as to how to set one up and run it.

Thanks
CJ Rhoads

This is the problem. It shouldn’t be hanging like that.

Before we dive into debugging that, it might be worth upgrading acme.sh to the latest version to see whether it resolves the problem:

acme.sh --upgrade

and try again:

acme.sh --cron

If not, we’ll have to start investigating. You can get extra information by adding --debug:

acme.sh --cron --debug
1 Like

Well - the update certainly fixed the hanging. When I ran the cron command,
here’s what I got. I’ll do the debug if you think it will help, but you may be able to figure out if it is working from this. It looks like there are some invalid responses, but I don’t know if that’s a serious error or just one of those temporary situations.

[Wed Oct 16 17:43:41 MST 2019] ===Starting cron===
[Wed Oct 16 17:43:41 MST 2019] Renew: ‘asklepiosresearch.org
[Wed Oct 16 17:43:42 MST 2019] Multi domain=‘DNS:asklepiosresearch.org,DNS:www.asklepiosresearch.org,DNS:asklepiosresearch.com,DNS:www.asklepiosresearch.com’
[Wed Oct 16 17:43:42 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 17:43:44 MST 2019] Getting webroot for domain=‘asklepiosresearch.org
[Wed Oct 16 17:43:44 MST 2019] Getting webroot for domain=‘www.asklepiosresearch.org
[Wed Oct 16 17:43:44 MST 2019] Getting webroot for domain=‘asklepiosresearch.com
[Wed Oct 16 17:43:44 MST 2019] Getting webroot for domain=‘www.asklepiosresearch.com
[Wed Oct 16 17:43:44 MST 2019] Verifying: asklepiosresearch.org
[Wed Oct 16 17:43:47 MST 2019] asklepiosresearch.org:Verify error:Invalid response from https://asklepiosresearch.org/ [23.229.140.154]:
[Wed Oct 16 17:43:47 MST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 16 17:43:47 MST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 16 17:43:48 MST 2019] Error renew asklepiosresearch.org.
[Wed Oct 16 17:43:48 MST 2019] Renew: ‘mail.worldhealingday.com
[Wed Oct 16 17:43:48 MST 2019] Skip invalid cert for: mail.worldhealingday.com
[Wed Oct 16 17:43:48 MST 2019] Skipped mail.worldhealingday.com
[Wed Oct 16 17:43:48 MST 2019] Renew: ‘newchurchofhope.org
[Wed Oct 16 17:43:49 MST 2019] Multi domain=‘DNS:newchurchofhope.org,DNS:www.newchurchofhope.org,DNS:newchurchofhope.com,DNS:www.newchurchofhope.com’
[Wed Oct 16 17:43:49 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 17:43:51 MST 2019] Getting webroot for domain=‘newchurchofhope.org
[Wed Oct 16 17:43:51 MST 2019] Getting webroot for domain=‘www.newchurchofhope.org
[Wed Oct 16 17:43:51 MST 2019] Getting webroot for domain=‘newchurchofhope.com
[Wed Oct 16 17:43:51 MST 2019] Getting webroot for domain=‘www.newchurchofhope.com
[Wed Oct 16 17:43:51 MST 2019] Verifying: newchurchofhope.org
[Wed Oct 16 17:43:54 MST 2019] newchurchofhope.org:Verify error:Invalid response from https://newchurchofhope.org/ [23.229.140.154]:
[Wed Oct 16 17:43:54 MST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 16 17:43:54 MST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 16 17:43:55 MST 2019] Error renew newchurchofhope.org.
[Wed Oct 16 17:43:55 MST 2019] Renew: ‘opfl.org
[Wed Oct 16 17:43:55 MST 2019] Skip, Next renewal time is: Wed Nov 20 07:07:35 UTC 2019
[Wed Oct 16 17:43:55 MST 2019] Add ‘–force’ to force to renew.
[Wed Oct 16 17:43:55 MST 2019] Skipped opfl.org
[Wed Oct 16 17:43:55 MST 2019] Renew: ‘pagodawriters.com
[Wed Oct 16 17:43:55 MST 2019] Multi domain=‘DNS:pagodawriters.com,DNS:www.pagodawriters.com’
[Wed Oct 16 17:43:56 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 17:43:57 MST 2019] Getting webroot for domain=‘pagodawriters.com
[Wed Oct 16 17:43:57 MST 2019] Getting webroot for domain=‘www.pagodawriters.com
[Wed Oct 16 17:43:57 MST 2019] Verifying: pagodawriters.com
[Wed Oct 16 17:44:00 MST 2019] pagodawriters.com:Verify error:Invalid response from https://pagodawriters.com/ [23.229.140.154]:
[Wed Oct 16 17:44:00 MST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 16 17:44:00 MST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 16 17:44:00 MST 2019] Error renew pagodawriters.com.
[Wed Oct 16 17:44:00 MST 2019] Renew: ‘pagodawriters.org
[Wed Oct 16 17:44:00 MST 2019] Skip invalid cert for: pagodawriters.org
[Wed Oct 16 17:44:00 MST 2019] Skipped pagodawriters.org
[Wed Oct 16 17:44:00 MST 2019] Renew: ‘syihtq.org
[Wed Oct 16 17:44:01 MST 2019] Single domain=‘syihtq.org
[Wed Oct 16 17:44:01 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 17:44:02 MST 2019] Getting webroot for domain=‘syihtq.org
[Wed Oct 16 17:44:02 MST 2019] Verifying: syihtq.org
[Wed Oct 16 17:44:05 MST 2019] Pending
[Wed Oct 16 17:44:07 MST 2019] Pending
[Wed Oct 16 17:44:10 MST 2019] Pending
[Wed Oct 16 17:44:12 MST 2019] Pending
[Wed Oct 16 17:44:15 MST 2019] syihtq.org:Verify error:Fetching http://syihtq.org/.well-known/acme-challenge/dlnsxaasoyCpTJZYPp0nQ1Q6h18w_NvJL2CwRcy5fUo: Timeout during connect (likely firewall problem)
[Wed Oct 16 17:44:15 MST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 16 17:44:15 MST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 16 17:44:15 MST 2019] Error renew syihtq.org.
[Wed Oct 16 17:44:15 MST 2019] Renew: ‘taichipark-masterjoutsunghwa.org
[Wed Oct 16 17:44:15 MST 2019] Skip, Next renewal time is: Wed Nov 20 07:08:03 UTC 2019
[Wed Oct 16 17:44:15 MST 2019] Add ‘–force’ to force to renew.
[Wed Oct 16 17:44:15 MST 2019] Skipped taichipark-masterjoutsunghwa.org
[Wed Oct 16 17:44:15 MST 2019] Renew: ‘taijiquanenthusiasts.org
[Wed Oct 16 17:44:16 MST 2019] Multi domain=‘DNS:taijiquanenthusiasts.org,DNS:www.taijiquanenthusiasts.org,DNS:tjqe.org,DNS:www.tjqe.org’
[Wed Oct 16 17:44:16 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 17:44:21 MST 2019] Getting webroot for domain=‘taijiquanenthusiasts.org
[Wed Oct 16 17:44:21 MST 2019] Getting webroot for domain=‘www.taijiquanenthusiasts.org
[Wed Oct 16 17:44:21 MST 2019] Getting webroot for domain=‘tjqe.org
[Wed Oct 16 17:44:21 MST 2019] Getting webroot for domain=‘www.tjqe.org
[Wed Oct 16 17:44:21 MST 2019] Verifying: taijiquanenthusiasts.org
[Wed Oct 16 17:44:24 MST 2019] Pending
[Wed Oct 16 17:44:27 MST 2019] Pending
[Wed Oct 16 17:44:30 MST 2019] Pending
[Wed Oct 16 17:44:32 MST 2019] Pending
[Wed Oct 16 17:44:34 MST 2019] taijiquanenthusiasts.org:Verify error:Fetching http://taijiquanenthusiasts.org/.well-known/acme-challenge/tRh5HIIO1YEGKMDxjl6twZqBiBZdyDbTxHW1BxIFkW4: Timeout during connect (likely firewall problem)
[Wed Oct 16 17:44:34 MST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 16 17:44:34 MST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 16 17:44:36 MST 2019] Error renew taijiquanenthusiasts.org.
[Wed Oct 16 17:44:36 MST 2019] Renew: ‘whd.hplconsortium.com
[Wed Oct 16 17:44:36 MST 2019] Skip invalid cert for: whd.hplconsortium.com
[Wed Oct 16 17:44:36 MST 2019] Skipped whd.hplconsortium.com
[Wed Oct 16 17:44:36 MST 2019] Renew: ‘worldhealingday.com
[Wed Oct 16 17:44:36 MST 2019] Skip invalid cert for: worldhealingday.com
[Wed Oct 16 17:44:36 MST 2019] Skipped worldhealingday.com
[Wed Oct 16 17:44:36 MST 2019] ===End cron===

Again, I greatly appreciate all your help with this.
CJ

There’s one thing to be fixed, but I don’t think it’s going to be super complicated.

Do you remember when you added HTTP to HTTPS redirects to your domains? There’s a problem with the way you’ve set that up, that interferes with the renewal proces.

Currently, when somebody visits http://asklepiosresearch.org/.well-known/acme-challenge/test , they get redirected to https://asklepiosresearch.org/ .

This is a problem because the .well-known/acme-challenge/test is getting chopped off in the redirected URL. That’s the bit that breaks renewal.

If you look in the .htaccess file where you added the redirect, you will probably find something like (it’s not going to match exactly):

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://asklepiosresearch.org/ [L,R=301]

What you really want to do, in order not to break renewals, is something like:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If that doesn’t make sense - try posting the .htaccess file you are using for that domain, and we can work through a solution for it.

1 Like

I wish I could say that it made sense, but it does not. Here is my .htaccess file:

AddHandler server-parsed .html
RewriteEngine On
RewriteCond %{HTTP_HOST} syihtq.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.) https://syihtq.org/ [R,L] RewriteEngine On RewriteCond %{HTTP_HOST} hpl501c3\.org [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*) https://hpl501c3.org/ [R,L]
RewriteCond %{HTTP_HOST} taijiquanenthusiasts.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.
) https://taijiquanenthusiasts.org/ [R,L] RewriteCond %{HTTP_HOST} asklepiosresearch\.org [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*) https://asklepiosresearch.org/ [R,L]
RewriteCond %{HTTP_HOST} opfl.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.) https://opfl.org/ [R,L] RewriteCond %{HTTP_HOST} pagodawriters\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*) https://pagodawriters.com/ [R,L]
RewriteCond %{HTTP_HOST} newchurchofhope.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.
) https://newchurchofhope.org/ [R,L] RewriteCond %{HTTP_HOST} taichipark-masterjoutsunghwa\.org [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*) https://taichipark-masterjoutsunghwa.org/ [R,L]

Somebody must have helped me with it, because I don’t really recognize much except the addhandler which allows the system to parse the html files as if they were php. (Yes, I know that’s not optimum, and I’m working to change that, but for now I have to keep it).

I figure RewriteRule and RewriteCond are the commands, and then they have some arguments which includes the domain. But I haven’t a clue why %{SERVER_PORT) 80 is repeated so many times. That might just be an error. And of course I don’t know what [NC] and [R,L] stand for, or the difference between ^(.)$ and just .

So please, any help you can give would be greatly appreciated.

Thanks
CJ Rhoads

It’s just a different way of making the same mistake :slight_smile: .

What you can do is to take every RewriteRule that looks like this (for every different domain):

RewriteRule ^(.) https://newchurchofhope.org/ [R,L]

and change it to:

RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

All we’re really doing is adding the REQUEST_URI to the redirect, which is the path after the domain.

1 Like

I’m not sure if this is an example, or exactly what I should type:
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Am I supposed to put
RewriteRule .* https://newchurchofhope.org/ [R,L]

or

RewriteRule .* https://newchurchofhope.org/%{REQUEST_URI} [R,L]

or exactly
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Can you explain?
And if it is the latter, do I do it for all of them? That would be the same thing over and over like the Server_Port is repeated?

Regarding the repetition, it’s best to think of these redirects as happening in “groups”.

You build up conditions with one or more RewriteCond statements, and use finish it off with the RewriteRule. Then it starts again.

That’s one “group”, which establishes a single redirect for the opfl.org domain.

The fixed version:

RewriteCond %{HTTP_HOST} opfl.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

All we’ve done is replaced the last line in the group.

So, for each group that you identify in your .htaccess, make the same change, which is to replace the last line in the group.

Based on the file you posted earlier, you just need to replace every RewriteRule line with the line I’ve suggested.

1 Like

Aha! That makes so much sense. Thanks for taking the time to explain it. I was not recognizing the pattern, but now that you’ve pointed it out, it makes perfect sense.

I’ll let you know if it works.
Thanks
CJ

1 Like

Well, it appears to have worked for the first domain, asklepiosresearch.org. But all the rest failed, so I must have done something wrong. Here’s the .htaccess file now:

AddHandler server-parsed .html
RewriteEngine On
RewriteCond %{HTTP_HOST} syihtq.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} hpl501c3.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} taijiquanenthusiasts.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} asklepiosresearch.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} opfl.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} pagodawriters.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} newchurchofhope.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} taichipark-masterjoutsunghwa.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Here is what I got when I reran the acme.sh --cron

[Wed Oct 16 18:34:27 MST 2019] ===Starting cron===
{many lines were deleted in edit for ease of reading in the future. Only the last few lines are left for troubleshooting purposes}

[Wed Oct 16 18:35:42 MST 2019] Renew: ‘taijiquanenthusiasts.org
[Wed Oct 16 18:35:42 MST 2019] Multi domain=‘DNS:taijiquanenthusiasts.org,DNS:www.taijiquanenthusiasts.org,DNS:tjqe.org,DNS:www.tjqe.org’
[Wed Oct 16 18:35:43 MST 2019] Getting domain auth token for each domain
[Wed Oct 16 18:35:45 MST 2019] Getting webroot for domain=‘taijiquanenthusiasts.org
[Wed Oct 16 18:35:45 MST 2019] Getting webroot for domain=‘www.taijiquanenthusiasts.org
[Wed Oct 16 18:35:45 MST 2019] Getting webroot for domain=‘tjqe.org
[Wed Oct 16 18:35:45 MST 2019] Getting webroot for domain=‘www.tjqe.org
[Wed Oct 16 18:35:45 MST 2019] Verifying: taijiquanenthusiasts.org
[Wed Oct 16 18:35:48 MST 2019] Pending
[Wed Oct 16 18:35:50 MST 2019] Pending
[Wed Oct 16 18:35:52 MST 2019] Pending
[Wed Oct 16 18:35:55 MST 2019] Pending
[Wed Oct 16 18:35:57 MST 2019] taijiquanenthusiasts.org:Verify error:Fetching http://taijiquanenthusiasts.org/.well-known/acme-challenge/ZlBCPq2h9ivJYVRZKmIo1ZBqBMVeYEBQdJ4bNnhv95I: Timeout during connect (likely firewall problem)

[Wed Oct 16 18:35:58 MST 2019] ===End cron===

Again, any help you can give would be most appreciated.
CJ

The remaining errors are puzzling.

Ostensibly they mean that your website is not responding to requests. But this is clearly untrue - your websites work fine.

The second possibility that comes to mind is that GoDaddy is rate limiting connections from Let’s Encrypt, or possibly rate limiting connections to your cPanel account.

One way to try prove this could be try renew the certificates individually, spaced apart in time, so that there is a lower likelyhood that rate limiting takes place. For example:

acme.sh --renew -d newchurchofhope.org

As for how rate limiting of connections potentially affects your automatic renewals - it should probably be fine, because acme.sh will retry every day. The first certificate renewed should succeed, and next time the second one would get its turn, and so on and so forth.

1 Like

I think you may be right. I ran the acme.sh cron again, and two other domains worked, and then the rest got that “may be a firewall” error again.
I’ll try renewing the ones that still didn’t renew.
Thanks
CJ

1 Like

I think I got them all. When I ran the list again, the dates are all either November or December.

The question is, however, is this going to be a problem in the future? Does the cron job not work because godaddy is putting some kind of limit on it? Or was this a one-time thing?
I have multiple email addresses on godaddy, and sometimes when I try to download all my email at one time and there is a lot, it times out and I have to wait a few minutes to try again. Will the cron job try again if it fails?

1 Like

There was a once-off problem, which was when acme.sh was hanging and you had to Ctrl-C it. It was preventing any renewal attempts, but you solved it with acme.sh --upgrade. That should be fixed permanently.

The other problem you will experience on an ongoing basis is the one with the timeout errors. I don’t know why they happen, they are probably the result of some kind of GoDaddy policy.

I don’t think you need to worry about them too much, though.

How I figure that is:

  • acme.sh runs its cron once per day, no matter what
  • You have observed that acme.sh can renew 1 or 2 certificates before it begins failing
  • acme.sh begins renewing certificates 30 days before they expire

Even if acme.sh only makes progress on 1 or 2 certificates per day, by the time 30 days passes, it should have worked through each certificate.

Still, it’s worth keeping an eye on it - and the Let’s Encrypt expiration reminder emails will help with that.

None of this is ideal - but if you’re stuck with GoDaddy, that’s all we can really do.

3 Likes

Thank you, thank you, thank you. You are really terrific. I couldn’t have done any of this without you.

Peace
CJ

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.