Every minute?
This job runs every minute?:
I don't see how that could do anything to copy/import new certs to cPanel.
Double checking. That does seem crazy. Must be every day…
…Once per day. Confirmed.
Well, it wasn't my idea, and now that you mention it, the last time and perhaps every time, it comes time for it to do its thing, there's some reason why it doesn't achieve it, and I end up doing an acme.sh --renew-all
The closest thing I can find is:
/root/.acme.sh/acme.sh --deploy
Usage: acme.sh --deploy --domain <domain.tld> --deploy-hook <hookname> [--ecc]
But that would require you to have created the "hook" and called acme.sh with the --deploy
parameter [somewhere in a cron job or systemd timer]
That doesn't explain HOW cPanel gets the new certs [if from acme.sh].
Here's the acme.sh file renamed acme.txt for the upload.
acme.txt (192.6 KB)
That seems default version 2.8.6.
And contains:
#domain hooks
deploy() {
_d="$1"
_hooks="$2"
_isEcc="$3"
if [ -z "$_hooks" ]; then
_usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] "
return 1
fi
Which may be the HOW to get this done.
I have version 2.8.8 and it doesn't contain that section
This is just wild guessing here but how about trying:
./acme.sh --renew-all --deploy-hook cpanel
[naturally that would have to need to renew - wait for next renewal time]
OK then let's speed things up a bit… (forcefully to just one domain):
./acme.sh --renew born2.run --deploy-hook cpanel -f
Curious - before doing that - should it not be --renew trillionpictures.com?
Any domain will do (for this test) - use that one instead then.
Please show the output of:
grep -ERi 'posthook|renewhook' ~/.acme.sh/
First of all, apologies for the delay. But IT WORKED!!!
so...
This is just wild guessing here but how about trying:
Seems like informed-intuition to me.
Stand by for grep
OMG ! ! !
You can't update that acme.sh client [keep a copy of the file somewhere else - as a backup]
_savedomainconf "Le_PostHook" "$_post_hook" "base64"
_savedomainconf "Le_RenewHook" "$_renew_hook" "base64"
Le_PostHook="$(_readdomainconf Le_PostHook)"
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
Well grep is empty
But the other seems promising…
Can you see the newly reissued cert in cPanel?
You can't update that acme.sh client [keep a copy of the file somewhere else - as a backup]
Done! I save these pages as well.
So what does --deploy-hook cpanel -f do?
Presumably there's something baked into the acme.sh library that knows how to talk sweetly to cpanel?
--deploy-hook cpanel
Seems to tell acme.sh to look for cPanel and integrate this cert there.
[only on deployment - which means renewals in this case]
-f
is just a "force" to renew the cert even though it isn't yet due for renewal
[don't add that -f to any script]
Can you see the newly reissued cert in cPanel?
Yes, absolutely.
To be clear, though, you could always "see" the problem domain (starsandstrife.com) in cPanel (under "Manage Installed SSL Websites" > FQDNs (there's a long list)). In that list was the problem domain.
But below in cPanel where you "Browse Certificates" and choose the main domain and then "Autofill by Domain" -- that was the moment of failure: the "problem domain" didn't appear, and indeed when going to that domain in a web browser the certificate failed.
That's what your "guess" (i.e. ./acme.sh --renew [main.domain] --deploy-hook cpanel -f) fixed
Genius, batman. You deserve a cape.
Seems to tell acme.sh to look for cPanel and integrate this cert there.
[only on deployment - which means renewals in this case]
Also, it would seem for the cron job to work it would need to be updated to match your command, minus the -f
In any event, running acme.sh, if this finally works reliably every three months, is easy enough, I don't need a cron for it.
No, I don't think so.
Retry the last grep search again.
The last riddle unfolds itself...