Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:acme.sh --renew -d vadim.com.ru --force
It produced this output:Wed Dec 7 15:32:08 MSK 2022] Renew: 'vadim.com.ru'
[Wed Dec 7 15:32:08 MSK 2022] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Wed Dec 7 15:32:09 MSK 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Dec 7 15:32:09 MSK 2022] Single domain='vadim.com.ru'
[Wed Dec 7 15:32:09 MSK 2022] Getting domain auth token for each domain
[Wed Dec 7 15:32:11 MSK 2022] Getting webroot for domain='vadim.com.ru'
[Wed Dec 7 15:32:11 MSK 2022] Adding txt value: bhYUSnTMNJ8ljFep83G4BCDk1knRU0rozWYsqqHuYLk for domain: _acme-challenge.vadim.com.ru
[Wed Dec 7 15:32:11 MSK 2022] You need to export PDD_Token=xxxxxxxxxxxxxxxxx.
[Wed Dec 7 15:32:11 MSK 2022] You can get it at https://pddimp.yandex.ru/api2/admin/get_token.
[Wed Dec 7 15:32:11 MSK 2022] Error add txt for domain:_acme-challenge.vadim.com.ru
[Wed Dec 7 15:32:11 MSK 2022] Please add '--debug' or '--log' to check more details.
[Wed Dec 7 15:32:11 MSK 2022] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version):TrueNAS-SCALE-22.02.4
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I have created a pdd token and not got stuck at this point. When I run my cron job like so :/root/ .acme.sh/acme.sh --cron it returns success and the cron is set weekly however nothing happends and I received a notification e-mail today that I have one week left only.
in this file: /root/.acme.sh/account.conf. Or shall do ```
export pddxxx=/root/acme/sh ? I am confused a bit. Could you help me with the command to export pdd please?
I've got it originally on TrueNAS Core via certbot - here I issued it via acme.sh on TrueNAS Scale. Never renewed on TrueNAS Scale, only on Core via certbot.
Yes - one of the disks went bad so i replaced it and then used the back up configuration. Today acme.sh was not present on the system so I installed fresh
That is good.
I think acme.sh needs to relearn how to renew this cert.
I'm not an acme.sh expert...
I would just delete the cert and get a new one [after backing up the entire folder].
But there may be a simpler way.
For some unknown reason, the acme.sh dns_yandex plugin you seem to be using does not appear to have saved the token it needs. While it's unclear to me how that could have happened, here are some ideas (untested as I don't use that plugin).
Run these commands:
export PDD_Token=<your token>
(where <your token> is replaced with your actual token value)
then run the renew command again from the same shell session:
acme.sh --renew -d vadim.com.ru
The yandex acme.sh plugin should save the token automatically and reuse it on subsequent renewals. If that does not happen there may be a bug in the plugin code, but I can't see an obvious problem.
If the above has not resolved your issue, you can do some further diagnosis: acme.sh should save your token in your account config, usually located at
~/.acme.sh/account.conf
after running the above commands, there should be a line
Hmm - acme.sh --renew -d vadim.com.ru
[Fri Dec 16 22:21:23 MSK 2022] Renew: 'vadim.com.ru'
[Fri Dec 16 22:21:23 MSK 2022] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 16 22:21:23 MSK 2022] Skip, Next renewal time is: 2023-02-05T09:01:52Z
[Fri Dec 16 22:21:23 MSK 2022] Add '--force' to force to renew.
However the cer does not work anymore the connection is not secure and it still shows like this in Gui:GUI SSL Certificate:letsencrypt-2022-09-17-212604. How is that possible?
Could be due to multiple reasons. For example, acme.sh also has some kind of "install" command, which is basically just some kind of copy action from its "internal" cert storage to somewhere else (kinda useless if you'd ask me). I don't know if that copy action is automatically done when renewing. Please see the acme.sh documentation about this to double check.
Another reason could be that your webserver (or other service) needs to be reloaded/restarted.