[solved] Cant renew Cert


#1

Hi,

im using this in my crontab.
@daily /home/letsencrypt/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini >> /var/log/log/letsencrypt.log

in the log it shows

Checking for new version…
Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt certonly --config /etc/letsencrypt/cli.ini
Checking for new version…
Upgrading letsencrypt-auto 0.5.0 to 0.6.0…
Replacing letsencrypt-auto…
cp -p /home/letsencrypt/letsencrypt-auto /tmp/tmp.y0WLgzlaK9/letsencrypt-auto.permission-clone
cp /tmp/tmp.y0WLgzlaK9/letsencrypt-auto /tmp/tmp.y0WLgzlaK9/letsencrypt-auto.permission-clone
mv -f /tmp/tmp.y0WLgzlaK9/letsencrypt-auto.permission-clone /home/letsencrypt/letsencrypt-auto

but it doesn’t update my cert its valid too 27-5-2016

when i run that command from the command line it updates my cert ( it did last time) so i put it on a cronjob. it also runs everyday but it only seems to update the version.

the settings i use in the ini file

Use a 4096 bit RSA key instead of 2048

rsa-key-size = 4096

agree-tos
keep-until-expiring
apache

Always use the staging/testing server

server = https://acme-v01.api.letsencrypt.org/directory

Uncomment and update to register with the specified e-mail address

email = Email

Uncomment and update to generate certificates for the specified

domains.

domains = Domains.

Uncomment to use a text interface instead of ncurses

text = True

Uncomment to use the standalone authenticator on port 443

authenticator = standalone

standalone-supported-challenges = dvsni

Do i need to add to the ini or cron so it updates. Its been past 30 left left before expire.


#2

it is fixed for now.

i added the

standalone-supported-challenges = tls-sni-01

Didnt have to do that before.


#3

Is there a reason you’re not simply using “renew”?

Once you’ve created the certificate, it records the settings you used to create it, and uses them again when you “letsencrypt renew”. When you use “renew”, it checks the expiry on your certificates, and will automatically renew them once you have 30 days remaining. This has been an available option since… 0.3? 0.4? A while!


#4

letsencrypt renew --dry-run
Currently, the renew verb is only capable of renewing all installed certificates that are due to be renewed; individual domains cannot be specified with this action. If you would like to renew specific certificates, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.

i kept keeping this message even when it was up for renewal.


#5

The problem is the domains = Domains in the ini file. letsencrypt renew interprets that as though you told it to renew those specific domains but not others, which it is not able to do. If you remove the domains = Domains from your ini file, letsencrypt renew should be able to proceed.


#6

letsencrypt renew --dry-run


Processing /etc/letsencrypt/renewal/domain.conf

2016-05-18 06:56:09,561:ERROR:letsencrypt_apache.configurator:No vhost exists wi th servername or alias of: domain. No vhost was selected. Please specify s ervernames in the Apache config
2016-05-18 06:56:09,721:WARNING:letsencrypt.renewal:Attempting to renew cert fro m /etc/letsencrypt/renewal/domain.conf produced an unexpected error: No vh ost selected. Skipping.
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/Domain/fullchain.pem (failure)
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

i commented out the domains =
and retried the command now i get this error.

i use vhosts in my apache config.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.