How to renew a Mail Certificate?


#1

Hi,

I'm running Debian Stretch with Postfix and I wanna know how I can renew the Mail-Server-Cert?
In my cron there is only one for the Webserver; I thought that both were renewing, once a month.

15 00 * */1 * certbot -q renew

Bye
Timm


#2

They should be the same cert if they are the same domain.


#3

Hi,

No, it is different.
1.) www.tms-itdienst.at
2.) mail.tms-it.net

Bye
Timm


#4

If you created both using Certbot on the machine where that cron is then the renew step will (try to) renew both certificates.

Certbot renew means “check if any certificates expire in the next 30 days, if so renew them”.

For this reason, you should usually choose to run this more often. Let’s Encrypt recommends twice per day, so that it will get to try again if there’s a transient error (e.g. loss of network connectivity) before expiry.


#5

Hi,

Ah OK, I thought that if the cronjob runs the cert will be renewed for sure. OK, that's only a check.
This is the output from certbot certificates:

Found the following certs:
Certificate Name: www.tms-itdienst.at
Domains: www.tms-itdienst.at tms-itdienst.at
Expiry Date: 2018-02-17 10:47:45+00:00 (VALID: 57 days)
Certificate Path: /etc/letsencrypt/live/www.tms-itdienst.at/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tms-itdienst.at/privkey.pem
Certificate Name: mail.tms-it.net
Domains: mail.tms-it.net
Expiry Date: 2018-01-11 06:48:37+00:00 (VALID: 19 days)
Certificate Path: /etc/letsencrypt/live/mail.tms-it.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mail.tms-it.net/privkey.pem

So it should renew it in January.
OK, thanks.
Timm


#6

Something might indeed be wrong because if you run certbot renew and it finds a certificate with fewer than 30 days of validity, it should attempt to renew it. This should be the case for your mail.tms-it.net certificate. It should not wait until January.

What do you see if you run certbot renew directly on the command line?


#7

That actually runs once a day, not once a month - */1 is the same as *

so yeah, this should have renewed already.
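
Added example (not part of any post in this thread): a shell check built on the 30-day rule from posts #4 and #6. It reads `certbot certificates` output and lists every certificate already inside the renewal window, which a working `certbot renew` job should have replaced. The function names are this example's own, and the embedded sample is a trimmed copy of the output in post #5.

```shell
#!/bin/sh
# Flag certificates that `certbot renew` should already have renewed.
# Real use (as root):  certbot certificates | overdue_certs

RENEW_WINDOW_DAYS=30   # renewal window stated in posts #4 and #6

# overdue_certs [WINDOW]
# Reads `certbot certificates` output on stdin and prints the name of each
# certificate whose "(VALID: N days)" value is below WINDOW days.
overdue_certs() {
    awk -v window="${1:-$RENEW_WINDOW_DAYS}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            if (match($0, /VALID: [0-9]+ day/)) {
                # "VALID: " is 7 chars and " day" is 4, the rest are digits
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                if (days < window) print name
            } else {
                # No "VALID: N days" on the line (for instance an expired
                # certificate): always report it.
                print name
            }
        }
    '
}

# Sample input: trimmed copy of the output shown in post #5.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: www.tms-itdienst.at
    Domains: www.tms-itdienst.at tms-itdienst.at
    Expiry Date: 2018-02-17 10:47:45+00:00 (VALID: 57 days)
  Certificate Name: mail.tms-it.net
    Domains: mail.tms-it.net
    Expiry Date: 2018-01-11 06:48:37+00:00 (VALID: 19 days)
EOF
}

# Demonstration on the sample: only the mail certificate is overdue.
sample_output | overdue_certs
```

Any name printed here means the scheduled renewal is failing for that certificate, so the next step is the one asked for in post #6: run certbot renew by hand and read its output.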

