SSL crontab not auto-renewing - Bitnami, NGINX, Wordpress hosted with Google Cloud

Hi guys,

I followed this tutorial https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Everything worked well and I also created the renew script which was scheduled to renew on 1st of May, but unfortunately it didn’t auto-renew. After digging deep I found that there is a another crontab under the user “bitnami” which was empty.

Could this be the reason it was not renewed? Would you suggest that I should add the crontab to both these locations?

sudo crontab -l
sudo crontab -l -u bitnami

What’s the content of that script?
What’s your domain name?

Domain is https://www.monzi.com.au (Kindly note that the domain is behind cloudflare)

#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop nginx
sudo /opt/bitnami/letsencrypt/lego --tls --email=“myemail.com.au” --domains=“monzi.com.au” --domains=“www.monzi.com.au” --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start nginx

Did you use Bitnami user to execute that file? (and have you tried if Bitnami user can access that file?)

No I used sudo to execute that file, so I reckon it should have worked? Unless letsencrypt decided not to renew the certificates? Here is the certificates I have in the origin. So it was last renewed by the script on April 11, but I made the script so that it auto-renews via crontab.

  • Server certificate:
  • subject: CN=monzi.com.au
  • start date: Apr 11 13:31:08 2020 GMT
  • expire date: Jul 10 13:31:08 2020 GMT

Hi,

I believe Lego (the client you used) will renew the certificate a bit longer… It should renew around 60 days after the previous one is issued.
The command renew is intended for people to use in crontab or automated fashion, so they can set it to run once per day and it’ll check if a certificate need to renew.

By the way, you should consider running the crontab as Bitnami user, and check the file permission (to Bitnami user/group).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.