Let’s Encrypt Expiry Bot

Hello,
Using Ubuntu 18.04.2
I have never modified any settings of Let's Encrypt/Acme

The following email has just arrived:

Hello,

Your certificate (or certificates) for names listed below will expire in 10 days (on 02 Nov 19 21:00 +0000). Please, make your renewal certified before then, or your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. If it’s
https://letsencrypt.org/docs/integration-guide/ for details.

mydomain.it

I tried to manually start the command I have in crontab:
"/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null

I get the following error:

[Wed Oct 23 23:04:23 CEST 2019] Error, can not get domain token entry mydomain.it
[Wed Oct 23 23:04:23 CEST 2019] Please add '--debug' or '--log' to check more details.
[Wed Oct 23 23:04:23 CEST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Oct 23 23:04:23 CEST 2019] Error renew mydomain.it.

I re-launched the command with the --log parameter, this is the result:

EDIT
Updated pastebin log with --debug parameter too:
https://pastebin.com/e4rvBq11

Any ideas?

Hi @GiacomoSilli

what’s the version of acme.sh you use?

Update it.

I’m using

#!/bin/bash

VER=2.8.0

What is the correct command to update? I never did it, I wouldn’t want to compromise the system.

I also tried to update with this command:
"/etc/letsencrypt"/acme.sh --upgrade

The version of acme did not change in the /etc/letsencrypt directory, but it changed in the /root/.acme.sh directory.

This is the result:
https://pastebin.com/XMLD6w1d

I have not solved the problem yet

Why do you use acme.sh in that directory? Use the version in /root/.acme.sh

Two versions are bad.

And why is v1 used? V1 is deprecated, read

and switch to v2.

2 Likes

Well, I can’t tell you the reason, I used the official guide to install the blog system I use.
It’s all automated.
Can you tell me how to make the switch?

Well I succeeded, with your advice,
I used the version in the root, associating it with the certificates in the /etc/letsencrypt folder with the option --home.
"/root/.acme.sh"/acme.sh --cron --home "/etc/letsencrypt"

It looks like they have been renewed properly:

[Sat Oct 26 14:01:06 CEST 2019] ===Starting cron===
[Sat Oct 26 14:01:06 CEST 2019] Renew: 'mydomain.it'
[Sat Oct 26 14:01:07 CEST 2019] Create account key ok.
[Sat Oct 26 14:01:07 CEST 2019] Registering account
[Sat Oct 26 14:01:09 CEST 2019] Registered
[Sat Oct 26 14:01:09 CEST 2019] ACCOUNT_THUMBPRINT='************************'
[Sat Oct 26 14:01:09 CEST 2019] Single domain='mydomain.it'
[Sat Oct 26 14:01:09 CEST 2019] Getting domain auth token for each domain
[Sat Oct 26 14:01:10 CEST 2019] Getting webroot for domain='mydomain.it'
[Sat Oct 26 14:01:10 CEST 2019] Verifying: mydomain.it
[Sat Oct 26 14:01:14 CEST 2019] Success
[Sat Oct 26 14:01:14 CEST 2019] Verify finished, start to sign.
[Sat Oct 26 14:01:14 CEST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/70331988/1368485349
[Sat Oct 26 14:01:15 CEST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/************************
[Sat Oct 26 14:01:15 CEST 2019] Cert success.
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
[Sat Oct 26 14:01:15 CEST 2019] Your cert is in  /etc/letsencrypt/mydomain.it/mydomain.it.cer
[Sat Oct 26 14:01:15 CEST 2019] Your cert key is in  /etc/letsencrypt/mydomain.it/mydomain.it.key
[Sat Oct 26 14:01:15 CEST 2019] The intermediate CA cert is in  /etc/letsencrypt/mydomain.it/ca.cer
[Sat Oct 26 14:01:15 CEST 2019] And the full chain certs is there:  /etc/letsencrypt/mydomain.it/fullchain.cer
[Sat Oct 26 14:01:16 CEST 2019] Run reload cmd: nginx -s reload
[Sat Oct 26 14:01:16 CEST 2019] Reload success
[Sat Oct 26 14:01:16 CEST 2019] ===End cron===

Thank you

2 Likes
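
The situation worked through in this thread (cron invoking the acme.sh copy in /etc/letsencrypt while --upgrade updated the copy in /root/.acme.sh) can be detected with a short audit script. This is an added example, not part of any post above and not acme.sh's own code; the function names, the temp-dir layout and the version 2.8.3 are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: which acme.sh copy does a cron line run, and is it the newest?

# Print the VER= value of an acme.sh script, or "unknown" if none is found.
acme_version() {
    v=$(sed -n 's/^VER=\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1) || true
    echo "${v:-unknown}"
}

# Print the acme.sh path named in a cron command line (quotes stripped).
cron_acme_path() {
    printf '%s\n' "$1" | tr -d '"' | grep -o '[^ ]*/acme\.sh' | head -n 1 || true
}

# Succeed when dotted version $1 is numerically lower than $2.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# audit_acme CRON_LINE COPY...: list every copy, return 1 if cron runs an older one.
audit_acme() {
    cron_line=$1; shift
    used=$(cron_acme_path "$cron_line")
    used_ver=$(acme_version "$used")
    rc=0
    for copy in "$@"; do
        ver=$(acme_version "$copy")
        echo "found $copy (VER=$ver)"
        if version_lt "$used_ver" "$ver"; then
            echo "STALE: cron runs $used (VER=$used_ver), newer copy: $copy"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: two stub copies in a temp dir standing in for
# /etc/letsencrypt and /root/.acme.sh; 2.8.3 is a made-up newer version.
demo() {
    d=$(mktemp -d); r=0
    mkdir -p "$d/etc/letsencrypt" "$d/root/.acme.sh"
    printf 'VER=2.8.0\n' > "$d/etc/letsencrypt/acme.sh"
    printf 'VER=2.8.3\n' > "$d/root/.acme.sh/acme.sh"
    audit_acme "\"$d/etc/letsencrypt\"/acme.sh --cron --home \"$d/etc/letsencrypt\"" \
        "$d/etc/letsencrypt/acme.sh" "$d/root/.acme.sh/acme.sh" || r=$?
    rm -rf "$d"
    return $r
}
```

On a real host, pass the line from `crontab -l` and the paths of the copies you know about to `audit_acme`; a non-zero exit means the scheduled renewal is still running an outdated client.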
