Back in July I set up Let’s Encrypt certificates using Acme PHP (Let’s Encrypt client 1.0.0-beta4) on my web server and all was well. I even forced a renewal of the certificate and that worked as well. Now it is October and the first non-test renewal is due and it is not renewing.
The message I am receiving when I run “php acmephp.phar request mydomain.com” is as follows.
[Swift_TransportException]
Connection could not be established with host mydomain.com [php_network_getaddresses: getaddrinfo failed: Name or service not known #0]
This would seem to indicate that it could not resolve the domain name to the local IP address of the server that is also the location of Acme PHP. However, nothing has changed with /etc/hosts or /etc/resolv.conf between July and October, so I am at a loss.
Is there an Acme PHP user that may have seen this before?
More than likely the problem is with something less obvious - like CAA.
If you would give the actual FQDN, then someone may be able to figure out the problem.
After playing around for a while without success, I blew everything away except for the current about-to-expire certificates located in the directories where sendmail and apache look for them.
I then started at square one including registering and proving that I owned the domains.
All went smoothly and when I was done I forced a renewal and the certificate renewed without errors.
I have no idea what created the error I was experiencing, and although it would have been nice to find out why, it appeared that it was going to be a real time sink.
I also built a script for cron to run once a month that will force a renewal, distribute the new certificates in their proper directories and send me an email as a reminder to check on how it went. If there are no problems with this install after several months, I will go back to the daily check with renewal one week before expiration.
The recommended implementation is attempting renewal twice daily in cron. By default, Certbot will only renew certificates within 30 days of expiration. This gives plenty of buffer time for issues.
If that were the case with Acme PHP, I would certainly go that route. Unfortunately, the default for renewal, unless you force it, is one week or less before expiration. Forcing it once a month only adds one, or possibly two, extra renewals over the Certbot implementation, so it seems a pretty good compromise until I know for certain this current install will behave.