Hitch proxy with wildcards

Hi @dannysantos1985,

As @danb35 said, yes, when you installed acme.sh it created a cron entry for the current user (I suppose you installed it using sudo or directly as root), so you can check it by running the command crontab -l and you will see a line similar to this:

0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null


Yes I can. Thank you all :slight_smile:


It's not working. The file hitch-bundle.pem doesn't exist. I believe the $Le_Domain variable doesn't exist in --renew-hook. Please check this out @sahsanu

That should work when you renew the cert, not the first time you issue the cert.

It didn't work, @sahsanu.
I did: acme.sh --renew --force -d mydomain.com -d '*.mydomain.com' and still I can't find the hitch-bundle.pem file

I had some problems with hitch.service. Now hitch works, but I don't know if my renewed certificates work because I reached a rate limit :confused:
When can I retry a force renew? How long until the rate limit is up?

I've tested it again, new machine, clean acme.sh installation, and the script works fine here. Did you modify the script? Did you get any error when trying to renew? What are the perms of the script /usr/local/bin/hitch-renew-hook?

It depends on the rate limit you reached. I suppose you have reached the 5 duplicate certs per 7 days limit, so it will depend on when the first duplicate cert was issued, but if you started yesterday, in 6 days you could issue a new cert with the same domains.

To bypass this limit, add a new domain.

acme.sh --issue -d a.b.domain.com -d domain.com -d '*.mydomain.com' --dns dns_dynu --renew-hook '/usr/local/bin/hitch-renew-hook $Le_Domain' --post-hook 'systemctl reload hitch'

It is important to use a 4th-level subdomain like a.b.domain.com instead of a 3rd-level subdomain like b.domain.com, because the wildcard already covers the 3rd level and LE will refuse to issue the cert.

But don't do that; if you want to test it, use the LE staging server. It will issue a non-valid cert, but as you are testing the procedure it should be ok. So just add the --test parameter to your command and use another domain in the first place (-d a.b.domain.com instead of -d domain.com), or you could overwrite the certs you have already issued... so:

acme.sh --issue -d a.b.domain.com -d '*.mydomain.com' --dns dns_dynu --renew-hook '/usr/local/bin/hitch-renew-hook $Le_Domain' --post-hook 'systemctl reload hitch' --test

Good luck,
sahsanu


Thank you @sahsanu . I will wait 6 days. Cheers

You can use https://crt.sh to see when your certs were issued and from the most recent dates you can calculate when you can issue a new one.


One question about wildcards:
In order to issue it, does it have to be with DNS as the preferred challenge? Is it the only way? Can it be through HTTP? Why?

Yes, only the DNS challenge is available to validate wildcard certificates.


@sahsanu After 6 days (today) I have tried to do a force renew using the command:

acme.sh --issue -d minho.win -d '*.minho.win' --renew-hook '/usr/local/bin/hitch-renew-hook $Le_Domain' --post-hook 'systemctl reload hitch' --dns dns_dynu --force

and it didn't create my hitch-bundle.pem file.

When I execute /usr/local/bin/hitch-renew-hook mydomain.com it creates the new pem file, so the problem isn't with the script.
The script has permissions 755, so any user can execute it.

Add set -e -x right under the shebang (#!) line of your script and run it again under acme.sh.

-e tells the shell to quit when there is an error, and -x tells it to print the commands it is executing to the screen. Together these should provide some insight as to why your script is failing under acme.sh but working when you run it by itself.
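As an added illustration of the debugging advice above (this is example code, not the hitch-renew-hook script from the thread, whose contents were never posted): a minimal hook that builds hitch's single-file bundle with set -e and set -x at the top, so that any failing step is traced to acme.sh's output instead of silently leaving hitch-bundle.pem missing. It assumes acme.sh's default per-domain layout (~/.acme.sh/<domain>/<domain>.key and fullchain.cer) and hitch's convention of private key followed by the certificate chain in one PEM; the ACME_HOME and HITCH_BUNDLE variable names are this example's own. The domain arrives as $1 because the thread's command passes "$Le_Domain" as the hook's argument.

```shell
#!/bin/sh
# Example hitch renew hook (added example; not the script discussed in the thread).
# -e: abort on the first failing command; -u: unset variables are errors;
# -x: trace every command to stderr so acme.sh's log shows exactly where it stops.
set -eu
set -x

# build_bundle DOMAIN ACME_HOME OUTFILE
# Concatenates the private key and full chain for DOMAIN into OUTFILE.
# The bundle is written to a 0600 temp file and renamed into place, so hitch
# never reads a half-written or world-readable file.
build_bundle() {
    domain="$1"
    certdir="$2"
    out="$3"
    key="$certdir/$domain/$domain.key"          # assumed acme.sh layout
    chain="$certdir/$domain/fullchain.cer"      # assumed acme.sh layout

    # Fail loudly rather than produce an empty bundle; with -x the missing
    # path shows up in the trace.
    [ -r "$key" ]   || { echo "missing private key: $key" >&2; return 1; }
    [ -r "$chain" ] || { echo "missing chain: $chain" >&2; return 1; }

    tmp="$(mktemp "$out.XXXXXX")"               # mktemp creates the file 0600
    cat "$key" "$chain" > "$tmp"                # hitch: key first, then cert chain
    chmod 0600 "$tmp"
    mv -f "$tmp" "$out"                         # atomic replace
    return 0
}

# When acme.sh invokes the hook, the domain is passed as $1 (the thread's
# command uses "$Le_Domain" for this). With no argument nothing is done,
# which keeps the functions usable from another script.
if [ "$#" -ge 1 ]; then
    build_bundle "$1" \
        "${ACME_HOME:-$HOME/.acme.sh}" \
        "${HITCH_BUNDLE:-/etc/hitch/hitch-bundle.pem}"
fi
```

Run it once by hand as root with the same argument acme.sh will pass (the domain), then under acme.sh --renew --force; if the trace stops after a test on $key or $chain, the hook is being run as a user whose home does not hold the acme.sh directory, which is exactly the class of difference the set -x output is meant to expose.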

Hi @dannysantos1985,

This command…

acme.sh --issue -d minho.win -d '*.minho.win' --renew-hook '/usr/local/bin/hitch-renew-hook $Le_Domain' --post-hook 'systemctl reload hitch' --dns dns_dynu --force

…won't launch hitch-renew-hook; it only tells acme.sh that the next time it tries to renew the cert, it should use the script hitch-renew-hook.

If you want to test it, execute this command:

acme.sh --renew --force -d minho.win

Also, before doing that, follow @Patches' advice and add the set command to your script so we can debug it.

Cheers,
sahsanu

It seems that where you use --renew-hook you want it to do something (your script) on "any change".
But forcing it to renew isn't really a triggered renewal… not exactly.

Maybe you want to look into --deploy-hook.
If available, that may run your script whenever the cert is changed.

I have reached the rate limit again. I'll wait another 6 days, I guess.

It may be sooner than 6 days...

OK, now I could create a hitch-bundle.pem file.
I have one issue now. My certificate seems not to be valid. Can someone please visit my website https://mysite00538.com and tell me what is wrong?
I have successfully done a renewal.
It was working before.

Oi @dannysantos1985,

The certificate is valid and is being sent correctly. However, your web server returns an empty response (literally no HTTP reply at all, not even an empty file). When I test with curl or Chromium, the empty response problem is clearly indicated. When I test with Firefox, it retries the request repeatedly and eventually gives up with an error that looks confusingly like a certificate error.

This is probably a proxy, firewall, or web application configuration error. For example, maybe the underlying service that the proxy connects users to disconnects or returns no data in response to requests.

Thank you. I am using varnish/hitch as my HTTP proxy. The problem is with hitch, since I can have HTTP and I reinstalled hitch last time. Will redirect this question to the hitch forum. Thanks