Ssl Next renewal is scheduled to be next month

Gonenenen · June 9, 2023, 1:32pm

Hello,
here is the log
[Fri Jun 9 04:23:05 PM IDT 2023] Running cmd: issue
[Fri Jun 9 04:23:05 PM IDT 2023] _main_domain='.com'
[Fri Jun 9 04:23:05 PM IDT 2023] _alt_domains='www..com'
[Fri Jun 9 04:23:05 PM IDT 2023] Using config home:/root/.acme.sh
[Fri Jun 9 04:23:05 PM IDT 2023] default_acme_server
[Fri Jun 9 04:23:05 PM IDT 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Jun 9 04:23:05 PM IDT 2023] DOMAIN_PATH='/root/.acme.sh/.com_ecc'
[Fri Jun 9 04:23:05 PM IDT 2023] Le_NextRenewTime='1691413345'
[Fri Jun 9 04:23:05 PM IDT 2023] _saved_domain='.com'
[Fri Jun 9 04:23:05 PM IDT 2023] _saved_alt='www..com'
[Fri Jun 9 04:23:05 PM IDT 2023] _normized_saved_domains='.com,www..com,'
[Fri Jun 9 04:23:05 PM IDT 2023] _normized_domains='.com,www.****.com,'
[Fri Jun 9 04:23:05 PM IDT 2023] Domains not changed.
[Fri Jun 9 04:23:05 PM IDT 2023] Skip, Next renewal time is: 2023-08-07T13:02:25Z
[Fri Jun 9 04:23:05 PM IDT 2023] Add '--force' to force to renew.

How can I accelerate the process of the renewal? (Ubuntu server)
Best,
G

Gonenenen · June 9, 2023, 1:35pm

Didn't mention but when I force the installation it's not working and I receive this error {'***@gmail.com': (554, b'5.7.1 ****@gmail.com: Relay access denied')}
[06.09.2023_13-22-20] Self signed SSL issued for ****.com.

MikeMcQ · June 9, 2023, 1:51pm

We'll need to know more info than what you've provided. Had you posted in the Help category you would have been shown the form below. Please complete as much as you can.

It looks like you have multiple problems. If I had to guess it might be related to this

github.com/usmannasir/cyberpanel

[BUG] Self-Signed SSL Certs being Issued for Valid Domains due to Acme.sh Failure

opened 02:01PM - 31 Mar 23 UTC

closed 08:39AM - 25 Apr 23 UTC

packetdog

Hello, We're hosting 8 sites on CyberPanel 2.3.4-dev on Ubuntu 22.04 LTS. Eve…rything is updated. We've been experiencing sites losing their SSL certificates as acme.sh fails, and CyberPanel issues a self-signed certificate. This has been documented on the forums ([here](https://community.cyberpanel.net/t/self-signed-certificate-after-2-3-3-upgrade/40822/7), [here](https://community.cyberpanel.net/t/failed-to-obtain-ssl-issuing-self-signed-ssl-for-domain-tld/41421/10), [here](https://community.cyberpanel.net/t/issue-with-auto-ssl-self-signed-ssl-after-the-update/41035), [here](https://community.cyberpanel.net/t/ssl-is-falling-off-sites/40752), [here](https://community.cyberpanel.net/t/cant-issue-ssl-certs/41616/7), and this list goes on...), however it was not until today that I was able to pull a log file from acme.sh to see what was happening. The attached log has been redacted, and all instances of MYDOMAIN are actually a valid and working .com domain name. All instances of IP.IP.IP.IP refer to our public IP address for this server. **At issue, in the log file attached, you will find that acme.sh pulls in the website root of /usr/local/lsws/Example/html which is of course not valid, so the challenge can't be completed.** The appropriate root for this site would be /home/MYDOMAIN.com/public_html/ which exitsts and has appropriate permissions. Additionally, manually running the ISSUE SSL command from the CyberPanel web UI corrects this issue, for a few weeks. It seems that some 10-20 days after manually renewing the certificates, the failure reoccurs, and causes a self-signed certificate to be issued. So for whatever reason this seems to break during the automation, but not when running manually from the Web UI. My only other _request_ related to this is: Is there a way to force CyberPanel to issue a notification if a self-signed certificate is EVER issued? I'd much rather get an email for this issue before my client notices that their site is having an issue. LOG FILE: [acme.sh-MYDOMAIN.log](https://github.com/usmannasir/cyberpanel/files/11122513/acme.sh-MYDOMAIN.log)

But, without more info there is little we could say about your problem

==========================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · June 9, 2023, 3:29pm

Hi @Gonenenen, and welcome to the LE community forum

Once you have answered all the questions in the previous post, please then respond to this post.

What does that mean?
Has the cert expired?

What does that mean "force the installation"?
Please show the command ran.

rg305 · June 9, 2023, 4:01pm

That can never fix anything that is broken - steer clear of using it.

Why are you using acme.sh to overwrite certbot certificate files???

rg305 · June 9, 2023, 4:05pm

Overwriting certbot symlinks will only create problems if/when you try to use certbot again.

Gonenenen · June 9, 2023, 4:10pm

I understand But we cannot back to the past right? Do you know maybe how can I fix the broken?

Gonenenen · June 9, 2023, 4:12pm

also I'm not using certbot, I use acme.sh

rg305 · June 9, 2023, 4:16pm

It must have used certbot at some point.
And my statement remains:

rg305 · June 9, 2023, 4:20pm

Let acme.sh put their certs in their normal locations.
Then point the web service to use the acme.sh certs [from their locations].
Go back and remove certbot and all related directories [/etc/letsencrypt].
[back it up, before deleted it, if you have any doubts about any remaining uses]

Gonenenen · June 9, 2023, 4:29pm

"Package 'certbot' is not installed, so not removed" I stg I don't know why it's happening

rg305 · June 9, 2023, 4:36pm

It MUST have been installed at some point.
The path /etc/letsencrypt/ is created by it.
Perhaps it was already removed OR it was installed via some previous name [like: letsencrypt / letsencrypt-auto / certbot-auto]

What shows?:
find / -name certbot*

Gonenenen · June 9, 2023, 4:39pm

No output at all

rg305 · June 9, 2023, 4:53pm

Ok, so, it has been uninstalled.
That still leaves the /etc/letsencrypt/ directory behind.
And, unfortunately, someone decided to switch to acme.sh and tried to make that switch seamless and reused the same file path/names.
[which was not something that would be recommended in this forum]
Like I said before:

Gonenenen · June 9, 2023, 5:17pm

This is something more related to the litespeed servers isn't it? how should I procced?

rg305 · June 9, 2023, 5:20pm

MikeMcQ · June 9, 2023, 5:26pm

You are trying to get a cert from ZeroSSL not Let's Encrypt. One of the threads you linked to (this one) shows how to change to Let's Encrypt.

It's possible your gmail relay issue is related to ZeroSSL. I have never seen that when using Let's Encrypt. And, I don't usually help debug problems with acme.sh and ZeroSSL. Actually, I didn't notice it until now

system · July 9, 2023, 5:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.