Help with renew

gantorys · October 7, 2016, 7:56pm

Hi, I had already a certificate in july,

I ran this command (from documentation) and it seems ok:

certbot-auto renew --dry-run

and this is the output:

Performing the following challenges:
http-01 challenge for mydomain.com
http-01 challenge for www.mydomain.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

But when I enter to mydomain and I get the certificate info, it shows that expires in October, so apparently is not renewed…

Is it the normal behaviour and it “changes” to the new certificate when it expires (Oct 17) or I missed something?

I also restart apache.

Thx.

pfg · October 7, 2016, 8:13pm

Just to clarify: Do you have a cronjob that runs the certbot-auto renew command without --dry-run, and do your logs indicate that this cronjob ran successfully? (--dry-run is what you use to test renewal manually after setting up the client - it basically simulates the renewal process, stopping short of actually modifying the files on disk. You wouldn’t want to use that to actually renew.)

Another thing to consider, in case the certificates were renewed: Do you reload your web server as part of the renewal cronjob? Most server software needs to be reloaded when the certificates change. You can combine this with the renew command using something like certbot renew --post-hook "service apache2 reload" (using apache on Debian/Ubuntu as an example, the command might differ for your OS/server software).

gantorys · October 7, 2016, 8:15pm

@pfg I don’t have any scripts to autorenew. So I guess I have to run

certbot-auto renew

instead of

certbot-auto renew --dry-run

And restart the server…?

(I realize that --dry-run is a test)

pfg · October 7, 2016, 8:17pm

Yep, that should do it.

gantorys · October 7, 2016, 8:21pm

@pfg Thx, noob mistake I guess.

Everything Ok.

system · November 6, 2016, 8:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is auto-renew working correctly? Help	8	8600	February 15, 2020
Renew certificates Help	5	516	December 28, 2022
Why won't certbot-auto renew the certificates expiring in less than 2 weeks? Help	10	3846	January 13, 2017
Certificate expired auto renew not happening Server	5	999	July 20, 2018
CRON[3889]: Authentication token is no longer valid; new one required Help	2	2480	January 13, 2017

Help with renew

Related topics