Hi guys,
Months ago I’ve received info that I shall migrate to AcmeV2.
My webserver is custom build Tomcat 8.5.5 using Tomcat Native.
I have even written a tutorial how I did it (back in 2016): https://mladenadamovic.wordpress.com/2016/09/06/configure-tomcat-with-ssl-on-ubuntu-minimal/
It looked like the way to solve is to upgrade certbot (I had a version from the year 2016).
So I followed the instructions from:
But it seems this didn’t solve the problem.
I have received this email again.
#apt-get update
...
# apt-get install certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
certbot is already the newest version (0.31.0-1+ubuntu16.04.1+certbot+1).
With legacy reasons, I have this in my cron:
# m h dom mon dow command
5 1 1 * * /root/renew_cert_numbeo.sh
root@condor1796 ~ # cat renew_cert_numbeo.sh
#!/bin/bash
mkdir -p /tmp/letsencrypt/public_html
certbot certonly -n --force-renewal --webroot --webroot-path /tmp/letsencrypt/public_html -d numbeo.com -d www.numbeo.com \
-d es.numbeo.com -d pt.numbeo.com -d fr.numbeo.com -d ru.numbeo.com -d ja.numbeo.com -d de.numbeo.com -d nl.numbeo.com \
-d it.numbeo.com -d zh.numbeo.com -d ar.numbeo.com \
--agree-tos --email mladen.adamovic@gmail.com
/root/fix_letsencrypt_chmod.sh
if [ $? != 0 ]; then
date | mail -s "Lets encrypt renew certificate fails for numbeo.com" mladen.adamovic@gmail.com
else
/etc/init.d/tomcat restart
fi
This is in my systemctl:
root@condor1796 ~ # systemctl list-timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sun 2020-05-03 06:34:09 CDT 3h 47min left Sat 2020-05-02 06:36:54 CDT 20h ago apt-daily-upgrade.timer apt-daily-upgrade.service
Sun 2020-05-03 09:18:52 CDT 6h left Sat 2020-05-02 09:18:52 CDT 17h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Sun 2020-05-03 12:58:26 CDT 10h left Sun 2020-05-03 02:29:37 CDT 17min ago motd-news.timer motd-news.service
Sun 2020-05-03 13:25:59 CDT 10h left Sat 2020-05-02 21:45:54 CDT 5h 0min ago apt-daily.timer apt-daily.service
Sun 2020-05-03 20:21:43 CDT 17h left Sun 2020-05-03 02:29:20 CDT 17min ago certbot.timer certbot.service
n/a n/a Sat 2019-11-23 07:22:56 CST 5 months 9 days ago ureadahead-stop.timer ureadahead-stop.service
6 timers listed.
in cron.* there is a certbot as well:
root@condor1796 ~ # cat /etc/cron.*/certbot | tail -n 1
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
How to fix this so that this is working as intended?
Email error message:
According to our records, the software client you're using to get Let's
Encrypt TLS/SSL certificates issued or renewed at least one HTTPS certificate
in the past two weeks using the ACMEv1 protocol. Here are the details of one
recent ACMEv1 request from each of your account(s):
Client IP address: 2a01:4f8:150:1229::2
User agent: CertbotACMEClient/0.31.0 (certbot; Ubuntu 16.04.6 LTS) Authenticator/webroot Installer/None (renew; flags: n) Py/3.5.2
Hostname(s): "[numbeo.com](http://numbeo.com/)","[ar.numbeo.com](http://ar.numbeo.com/)","[de.numbeo.com](http://de.numbeo.com/)","[es.numbeo.com](http://es.numbeo.com/)","[fr.numbeo.com](http://fr.numbeo.com/)","[it.numbeo.com](http://it.numbeo.com/)","[ja.numbeo.com](http://ja.numbeo.com/)","[nl.numbeo.com](http://nl.numbeo.com/)","[pt.numbeo.com](http://pt.numbeo.com/)","[ru.numbeo.com](http://ru.numbeo.com/)","[www.numbeo.com](http://www.numbeo.com/)","[zh.numbeo.com](http://zh.numbeo.com/)"
Request time: 2020-05-01 12:24:18 UTC