Letsencrypt-auto renew skipping coomand even when domain is below 30 in expiry


My letsenc keeps skipping all domains even when a domain is expiring in less than 30 days… something could be wrong … any help would be appreciated… let me know if you need any logs…


@bmw, could you take a look? @TahaKazi, yes, I think logs would be useful, as well as the contents of /etc/letsencrypt/renewal/*.conf.


I’d be happy to take a look. Logfiles and renewal conf files in /etc/letsencrypt/renewal/*.conf would certainly be useful. You can message them to me directly if you prefer.


This is the conf file

cert = /etc/letsencrypt/live/clients.stzsoft.com/cert.pem
privkey = /etc/letsencrypt/live/clients.stzsoft.com/privkey.pem
chain = /etc/letsencrypt/live/clients.stzsoft.com/chain.pem
fullchain = /etc/letsencrypt/live/clients.stzsoft.com/fullchain.pem

Options and defaults used in the renewal process

installer = None
authenticator = webroot
account = cc11a629d8d89002c0c0ec48767c8080
clients.stzsoft.com = /home/stzsoft/www/clients
www.clients.stzsoft.com = /home/stzsoft/www/clients

Where are the logs… Im not so sure of the location… if you could poiint me there ill get that as well’

And Im really glad your support is so active!


The logs are in /var/log/letsencrypt. The logs are rotating so you may need to grep around a bit to find the a log where the problem occurred.

If you’re still having this problem, however, you can simply provide the output of your normal renew command with -tvv added on the command line.


ill get those logs… was caught up in some work…

another question… when I renew the cert… the values change… and I have to install the new cert again in my hosting panel… any way to automate the renewal completely…


root@cp [~/tools/letsencrypt]# ./letsencrypt-auto renew -tvv
Updating letsencrypt and virtual environment dependencies…
Requesting root privileges to run with virtualenv: /root/.local/share/letsencryp t/bin/letsencrypt renew -tvv
2016-04-15 18:50:19,959:DEBUG:letsencrypt.main:Root logging level set at 10
2016-04-15 18:50:19,959:INFO:letsencrypt.main:Saving debug log to /var/log/letse ncrypt/letsencrypt.log
2016-04-15 18:50:19,960:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-04-15 18:50:19,960:DEBUG:letsencrypt.main:Arguments: [’-tvv’]
2016-04-15 18:50:19,960:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegist ry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,Plugin EntryPoint#manual,PluginEntryPoint#standalone)

Processing /etc/letsencrypt/renewal/customgrafix.in.conf

2016-04-15 18:50:19,988:DEBUG:letsencrypt.plugins.selection:Requested authentica tor <letsencrypt.cli._Default object at 0x246c310> and installer <letsencrypt.cl i._Default object at 0x246c310>
2016-04-15 18:50:19,988:DEBUG:letsencrypt.cli:Default Detector is Namespace(acco unt=<letsencrypt.cli._Default object at 0x246b410>, agree_dev_preview=None, allo w_subset_of_names=<letsencrypt.cli._Default object at 0x246b1d0>, apache=<letsen crypt.cli._Default object at 0x246c110>, apache_challenge_location=<letsencrypt. cli._Default object at 0x246e7d0>, apache_ctl=<letsencrypt.cli._Default object a t 0x246ebd0>, apache_dismod=<letsencrypt.cli._Default object at 0x246e510>, apac he_enmod=<letsencrypt.cli._Default object at 0x246e410>, apache_handle_modules=< letsencrypt.cli._Default object at 0x246e810>, apache_handle_sites=<letsencrypt. cli._Default object at 0x246e710>, apache_init_script=<letsencrypt.cli._Default object at 0x246ea10>, apache_le_vhost_ext=<letsencrypt.cli._Default object at 0x 246e450>, apache_server_root=<letsencrypt.cli._Default object at 0x246e210>, apa che_vhost_root=<letsencrypt.cli._Default object at 0x246e890>, authenticator=<le tsencrypt.cli._Default object at 0x246c310>, break_my_certs=<letsencrypt.cli._De fault object at 0x246bd10>, cert_path=<letsencrypt.cli._Default object at 0x246b 2d0>, chain_path=<letsencrypt.cli._Default object at 0x2455c90>, checkpoints=<le tsencrypt.cli._Default object at 0x246bcd0>, config_dir=<letsencrypt.cli._Defaul t object at 0x2455a90>, config_file=None, configurator=<letsencrypt.cli._Default object at 0x246c310>, csr=<letsencrypt.cli._Default object at 0x246bed0>, debug =<letsencrypt.cli._Default object at 0x246b910>, domains=<letsencrypt.cli._Defau lt object at 0x2455cd0>, dry_run=<letsencrypt.cli._Default object at 0x24559d0>, duplicate=<letsencrypt.cli._Default object at 0x246b510>, email=<letsencrypt.cl i._Default object at 0x2455bd0>, expand=<letsencrypt.cli._Default object at 0x24 55ed0>, fullchain_path=<letsencrypt.cli._Default object at 0x2455e90>, func=<fun ction renew at 0x21c85f0>, hsts=<letsencrypt.cli._Default object at 0x246c150>, http01_port=<letsencrypt.cli._Default object at 0x246bc10>, ifaces=<letsencrypt. cli._Default object at 0x246b6d0>, init=<letsencrypt.cli._Default object at 0x24 6bad0>, installer=<letsencrypt.cli._Default object at 0x246c310>, key_path=<lets encrypt.cli._Default object at 0x246b090>, logs_dir=<letsencrypt.cli._Default ob ject at 0x2455690>, manual=<letsencrypt.cli._Default object at 0x246ce10>, manua l_public_ip_logging_ok=<letsencrypt.cli._Default object at 0x246ef90>, manual_te st_mode=<letsencrypt.cli.Default object at 0x246ee90>, nginx=<letsencrypt.cli. Default object at 0x246cc10>, no_self_upgrade=<letsencrypt.cli._Default object a t 0x246b710>, no_verify_ssl=<letsencrypt.cli._Default object at 0x246ba10>, noni nteractive_mode=<letsencrypt.cli._Default object at 0x24558d0>, num=<letsencrypt .cli._Default object at 0x246ca10>, os_packages_only=<letsencrypt.cli._Default o bject at 0x246b610>, post_hook=<letsencrypt.cli._Default object at 0x246c750>, p re_hook=<letsencrypt.cli._Default object at 0x246c650>, prepare=<letsencrypt.cli ._Default object at 0x246b8d0>, quiet=<letsencrypt.cli._Default object at 0x246b 810>, redirect=<letsencrypt.cli._Default object at 0x246bf10>, register_unsafely _without_email=<letsencrypt.cli._Default object at 0x2455ad0>, reinstall=<letsen crypt.cli._Default object at 0x2455dd0>, renew_by_default=<letsencrypt.cli._Defa ult object at 0x246b0d0>, renew_hook=<letsencrypt.cli._Default object at 0x246c8 50>, rsa_key_size=<letsencrypt.cli._Default object at 0x246be10>, server=<letsen crypt.cli._Default object at 0x246cad0>, staging=<letsencrypt.cli._Default objec t at 0x246c910>, standalone=<letsencrypt.cli._Default object at 0x246cd10>, stan dalone_supported_challenges=<letsencrypt.cli._Default object at 0x246ec50>, stri ct_permissions=<letsencrypt.cli._Default object at 0x246c550>, text_mode=True, t ls_sni_01_port=<letsencrypt.cli._Default object at 0x246bb10>, tos=<letsencrypt. cli._Default object at 0x246b310>, uir=<letsencrypt.cli._Default object at 0x246 c350>, user_agent=<letsencrypt.cli._Default object at 0x246cb10>, verb=‘renew’, verbose_count=True, webroot=<letsencrypt.cli._Default object at 0x246cf10>, webr oot_map=<letsencrypt.cli._Default object at 0x246ed90>, webroot_path=<letsencryp t.cli._Default object at 0x246e050>, work_dir=<letsencrypt.cli._Default object a t 0x2455890>)
2016-04-15 18:50:19,996:INFO:letsencrypt.renewal:Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/clients.stzsoft.com.conf

2016-04-15 18:50:20,000:INFO:letsencrypt.renewal:Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/stzsoft.com.conf

2016-04-15 18:50:20,004:INFO:letsencrypt.renewal:Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/customgrafix.in/fullchain.pem (skipped)
/etc/letsencrypt/live/clients.stzsoft.com/fullchain.pem (skipped)
/etc/letsencrypt/live/stzsoft.com/fullchain.pem (skipped)
No renewals were attempted.
2016-04-15 18:50:20,004:DEBUG:letsencrypt.renewal:no renewal failures
root@cp [~/tools/letsencrypt]#


Certificates have been created for these domains ( for example for clients.stzsoft.com they were created on the 6th and 8th of this month). These updated certificates are likely to be on your server ( in /etc/letsencrypt/live/ ). Since the script is checking them there - it’s correctly saying that they don’t need to be renewed.

Having said that, your website is not using these new certificates, it’s still using the old ones. This is why you think that they still need to be renewed.

You need to copy the certificates from /etc/letsencrypt/live/ into your control panel and update them for your sites.

This probably leads back to your question

What hosting panel do you have ? There are automatic methods for some control panels, but not all.



and some servers on vesta CP


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.