Issue with Renewal

AbdulHadi · August 6, 2020, 1:59pm

Hi,

I have configured Let’s Encrypt. My certificate expired on 30th July 2020. It should be renewal automatically using cronjob but it didn’t happened.

Due to some security reasons i have changed cron job default permissions. Is this stopped my renewal.

Default Permissions:
drwxr-xr-x 2 root root 4096 May 27 12:36 cron.d/
drwxr-xr-x 2 root root 4096 Jun 8 22:05 cron.daily/
drwxr-xr-x 2 root root 4096 May 27 11:14 cron.hourly/
drwxr-xr-x 2 root root 4096 May 27 12:36 cron.monthly/
-rw-r–r-- 1 root root 1042 Feb 14 02:14 crontab
drwxr-xr-x 2 root root 4096 May 27 12:40 cron.weekly/

Changed Permissions:

drwx------ 2 root root 4096 May 27 12:36 cron.d/
drwx------ 2 root root 4096 Jun 8 22:05 cron.daily/
drwx------ 2 root root 4096 May 27 11:14 cron.hourly/
drwx------ 2 root root 4096 May 27 12:36 cron.monthly/
-rw------- 1 root root 1042 Feb 13 20:44 crontab
drwx------ 2 root root 4096 May 27 12:40 cron.weekly/

I am using AWS EC2 Instance, due to some reasons my IP Address has been changed. Is this impact on my renewal.

i need root cause of this issue.

could please reply me on this.

Thanks!

9peppe · August 6, 2020, 2:47pm

What acme client are you using?

AbdulHadi · August 6, 2020, 3:02pm

I am using Certbot Client in Ubuntu 20.04.

FYI
$ ll /etc/cron.d
-rw-r–r-- 1 root root 775 Sep 14 2018 certbot

9peppe · August 6, 2020, 3:19pm

ok, what does certbot certificates say?

and then, check the logs for a reason why renewal fails,

eventually, check the systemd timer: systemctl list-timers --all

AbdulHadi · August 6, 2020, 3:26pm

Actually, I have resolved the issue but i didn’t find the route cause of this issue.

I need clarity on this.

Suppose, in future IP address may be changed or may not. For which reason my renewal was stopped due to ip address or else cron job.

help me to sort out the root cause.

Thanks!

JuergenAuer · August 6, 2020, 4:23pm

Hi @AbdulHadi

the ip address of your machine isn't relevant. Normally, it's the ip of the domain you want to create a certificate.

But if you use dns validation, you can run the client on another machine. Then you may have trouble to install the certificate.

So: Nobody knows your setup, nobody knows an answer.

AbdulHadi · August 7, 2020, 9:13am

Hi @JuergenAuer

Ok Got it.

Present i have renewed the my certificate and next time my renewal process will go smoothly using cron job.
For your reference screenshot is below.

please have a look and let me know.

Thanks @JuergenAuer for your support.

AbdulHadi · August 7, 2020, 9:25am

Hi @JuergenAuer

the systemd timer output is below: **systemctl list-timers --all**

JuergenAuer · August 7, 2020, 9:41am

Check in two months if the renew has worked.

AbdulHadi · August 7, 2020, 10:35am

Okay sure i will monitor it.

Thanks!

system · September 6, 2020, 10:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.