Tried renew certificate which expires about 5 days

Tahvo567 · April 11, 2022, 6:08am

I have ran this command

I have access machine console and dns. I have typed acme keys right.

./acme.sh --issue --dns -d xxxxx -d xxxxx --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew

I got pretty much same certificate which is expiring.

    Issuer: C = AT, O = ZeroSSL, CN = ZeroSSL RSA Domain Secure Site CA
    Validity
        Not Before: Jan 14 00:00:00 2022 GMT
        Not After : Apr 14 23:59:59 2022 GMT

Before I have renew certs and got new one which isnt expiring few days.

What may be a problem ?

9peppe · April 11, 2022, 6:24am

First of all, that's not a Let's Encrypt certificate.

Second, i don't think you're supposed to use --issue and --renew together.

Tahvo567 · April 11, 2022, 6:41am

Worked same way without --issue parameter.

    Validity
        Not Before: Jan 14 00:00:00 2022 GMT
        Not After : Apr 14 23:59:59 2022 GM

I am pretty sure that command has worked before because its same in bash history.

9peppe · April 11, 2022, 6:54am

I would've removed --renew while keeping --issue

Manual mode is usually not that intuitive. (You should check acme.sh documentation, but at least for Certbot, it just doesn't renew: it explicitly gets a new certificate.)

You should not use manual mode if you have alternatives.

danb35 · April 11, 2022, 2:31pm

The first problem is that you aren't using Let's Encrypt services or software, so you should really be seeking support somewhere else--this community isn't the support forum for acme.sh, nor for ZeroSSL. If you want to get a Let's Encrypt cert using acme.sh, you need to explicitly tell it to use that CA.

The second problem is that you've given us literally nothing to work with--none of the output of the command you ran (and I'd agree that --issue and --renew wouldn't ordinarily be used together), nor what you did to get the information you posted regarding the certificate's validity time, nor the domain name for any of us to have any idea what's going on.

But if I had to make a wild guess, it would be that you've issued a perfectly valid new cert (and possibly two of them), but you haven't restarted the service that's using that cert in order for it to recognize that you have a new cert.

Tahvo567 · April 12, 2022, 5:45am

Maybe problem is in zerossl site. Renew never worked. I got old certificate when using acme.sh.
Solution:

I created a new account and recreate certificate then it worked.

system · May 12, 2022, 5:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Acme_sh not renewing after 60 days - How to debug? Help	18	2743	July 28, 2022
Certificates about to expire, how to renew Help	2	379	October 26, 2022
The cert did not auto renew by acme.sh cronjob Help	34	1786	June 29, 2023
My certificate expired and I can not get acme.sh to renew it Help	21	7522	September 12, 2021
Cert is expiring and don't know how to renew Help	21	913	October 3, 2022

Tried renew certificate which expires about 5 days

Related topics