As @danb35 said, yes, when you installed acme.sh it created a cron entry for the current user (I suppose you installed it using sudo or directly as root), so you can check it by running the command crontab -l and you will see a line similar to this:
It's not working. The file hitch-bundle.pem doesn't exist. I believe the $Le_Domain variable doesn't exist in --renew-hook. Please check this out @sahsanu
I had some problems with hitch.service. Now hitch works but I don't know if my renewed certificates work because I reached a rate limit.
When can I retry a force renew? How long until the rate limit is up?
I've tested it again, new machine, clean acme.sh installation, and the script works fine here. Did you modify the script? Did you get any error when trying to renew? What are the perms of the script /usr/local/bin/hitch-renew-hook?
It depends on the rate limit you reached. I suppose you have reached the 5 duplicated certs per 7 days limit, so it will depend on when the first duplicated cert was issued, but if you started yesterday, in 6 days you could issue a new cert with the same domains.
It is important to use a 4th level subdomain like a.b.domain.com instead of a 3rd level subdomain like b.domain.com because the wildcard already covers the 3rd level and LE will refuse to issue the cert.
But, don't do that. If you want to test it, use the LE staging server; it will issue a non-valid cert, but as you are testing the procedure it should be ok. So just add the --test parameter to your command and use another domain in the first place (-d a.b.domain.com instead of -d domain.com) or you could overwrite the certs you have already issued... so:
One question about wildcards:
In order to issue it, does it have to be with dns as the preferred challenge? Is it the only way? Can it be through http? Why?
When I execute /usr/local/bin/hitch-renew-hook mydomain.com it creates the new pem file, so the problem isn't from the script.
The script has permissions of 755, so any user can execute it.
Add set -e -x right under the shebang (#!) line of your script and run it again under acme.sh.
-e tells the shell to quit when there is an error and -x tells it to print the commands it is executing to the screen. Together these should provide some insight as to why your script is failing under acme.sh but working when you run it by itself.
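A renew hook for hitch written the way the post above suggests (set -e -x right under the shebang), as an added example that is not from the thread or from acme.sh. It assumes acme.sh's default ~/.acme.sh/<domain>/ layout, a bundle path of /etc/hitch/hitch-bundle.pem, and that hitch is reloaded through systemd; all three are assumptions.

```shell
#!/bin/sh
# Assumed install path: /usr/local/bin/hitch-renew-hook, called with the domain
# as its only argument. -e aborts on the first failing command, -x traces every
# command so a failure under acme.sh shows up in its log.
set -e -x

# Build the single PEM hitch expects (private key followed by the full chain).
# Write to a temp file and rename so hitch never reads a half-written bundle,
# and keep it 0600 because it contains the private key.
build_hitch_bundle() {
    key="$1"; chain="$2"; out="$3"
    for f in "$key" "$chain"; do
        if [ ! -s "$f" ]; then
            echo "hitch-renew-hook: missing or empty input: $f" >&2
            return 1
        fi
    done
    tmp="$(mktemp "${out}.XXXXXX")"
    cat "$key" "$chain" > "$tmp"
    chmod 0600 "$tmp"
    mv -f "$tmp" "$out"
}

main() {
    # Fail loudly (and visibly under -x) if acme.sh passed no domain.
    domain="${1:?usage: $0 <domain>}"
    certdir="${HOME}/.acme.sh/${domain}"          # assumed acme.sh layout
    build_hitch_bundle "${certdir}/${domain}.key" \
                       "${certdir}/fullchain.cer" \
                       /etc/hitch/hitch-bundle.pem   # assumed hitch bundle path
    # Assumed reload mechanism; adjust to how hitch is managed on the host.
    if command -v systemctl >/dev/null 2>&1; then
        systemctl reload hitch
    fi
}

# Run main only when executed as the hook itself, so the bundle function can
# also be sourced and exercised on its own.
if [ "$(basename -- "$0")" = "hitch-renew-hook" ]; then
    main "$@"
fi
```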
It seems that where you use --renew-hook
you want it to do something (your script) on “any change”
But forcing it to renew isn’t really a triggered renewal… not exactly.
Maybe you want to look into --deploy-hook
If available, that may run your script whenever the cert is changed.
Ok, now I could create a hitch-bundle.pem file.
I have got one issue now. My certificate seems to not be valid. Can someone please visit my website https://mysite00538.com and please tell me what is wrong?
I have successfully done a renewal.
It was working before.
The certificate is valid and is being sent correctly. However, your web server returns an empty response (literally no HTTP reply at all, not even an empty file). When I test with curl or Chromium, the empty response problem is clearly indicated. When I test with Firefox, it retries the request repeatedly and eventually gives up with an error that looks confusingly like a certificate error.
This is probably a proxy, firewall, or web application configuration error. For example, maybe the underlying service that the proxy connects users to disconnects or returns no data in response to requests.
Thank you. I am using varnish/hitch as my http proxy. The problem is with hitch, since I can have http and have reinstalled hitch last time. Will redirect this question to the hitch forum. Thanks