
SSL Letsencrypt Cloudflare Letsencrypt SSL certificate renewal questions

Discussion in 'Domains, DNS, Email & SSL Certificates' started by adamus007p, Jan 12, 2023.

  1. adamus007p

    adamus007p Member

    @eva2000 will this command also add a cron job, so that next time cron updates the domain automatically, or not?

    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain2kr.com live


    If not, how do I add a cron job? How should the line in cron look?

     
  2. eva2000

    eva2000 Administrator Staff Member

    There is already an existing auto renewal cronjob for all issued domains. You can view your cronjob via the command
    Code (Text):
    crontab -l

    The acme.sh client cronjob would have been added the very first time you created an Nginx HTTPS vhost with Letsencrypt SSL certificates.
     
  3. adamus007p

    adamus007p Member

    I do not see my domain in crontab. How may I add it manually?
    I was adding vhost with option 2, not 22 WP.
     
  4. eva2000

    eva2000 Administrator Staff Member

    The acme.sh cronjob line should look like
    Code (Text):
    27 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

    It won't list the actual domain, as acme.sh looks to /root/.acme.sh/* directories for your domain's .conf file.
     
  5. adamus007p

    adamus007p Member

    Is it possible to list which domains it will update/reissue?
     
  6. eva2000

    eva2000 Administrator Staff Member

    Might want to start a new thread for each issue you have rather than tack onto this thread, as in future I may not be able to find/understand your issues if they're mixed with others.

    If you manually run the cronjob renewal command, it will try to renew all issued SSL certificates if they are within 30 days of expiry and list them all. If they aren't within 30 days of expiry, it will just list the domain and skip renewal.

    The command:
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Or you can run the addons/acmetool.sh checkdates command to list which SSL certificates were successfully issued by Letsencrypt and which are installed/configured at Nginx vhost level:
    Code (Text):
    /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    That gives you an idea of what will reissue/renew when the time is due.

    If you are on 130.00beta01, I also updated the addons/acmetool.sh checkdates command to display what domain authentication method was used for Letsencrypt SSL certificate issuance - either default web root authentication or Cloudflare DNS API method https://community.centminmod.com/th...ol-sh-checkdate-option-in-130-00beta01.23544/

    Example of the updated output for the checkdates option in addons/acmetool.sh, showing the Letsencrypt validation method used in 130.00beta01:
    Code (Text):
    /usr/local/src/centminmod/addons/acmetool.sh checkdates
    
    ----------------------------------------------
    nginx installed
    ----------------------------------------------
    
    /usr/local/nginx/conf/ssl/domain1.com/domain1.com-acme.cer
    SHA1 Fingerprint=XXXX
    certificate expires in 88 days on 16 Mar 2023
    
    /usr/local/nginx/conf/ssl/domain2.com/domain2.com-acme-ecc.cer
    SHA1 Fingerprint=YYYY
    certificate expires in 68 days on 24 Feb 2023
    
    ----------------------------------------------
    acme.sh obtained
    ----------------------------------------------
    
    /root/.acme.sh/domain1.com/domain1.com.cer
    SHA1 Fingerprint=XXXX
    [ below certifcate transparency link is only valid ~1hr after issuance ]
    https://crt.sh/?sha1=XXXX
    certificate expires in 88 days on 16 Mar 2023
    Letsencrypt validation method: Le_Webroot='/home/nginx/domains/domain1.com/public'
    
    /root/.acme.sh/domain2.com_ecc/domain2.com.cer
    SHA1 Fingerprint=YYYY
    [ below certifcate transparency link is only valid ~1hr after issuance ]
    https://crt.sh/?sha1=YYYY
    certificate expires in 68 days on 24 Feb 2023
    Letsencrypt validation method: Le_Webroot='dns_cf'
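
Added example, not part of the thread and not Centmin Mod or acme.sh code: a read-only audit of what the acme.sh cron job described above will act on, since the crontab line itself names no domains and sends its output to /dev/null. The function names are hypothetical, the `Le_Domain` and `Le_NextRenewTime` keys are assumed from the acme.sh domain .conf format (only `Le_Webroot` appears in the thread), and "due" assumes acme.sh skips renewal until `Le_NextRenewTime` has passed.

```shell
#!/bin/bash
# Added example (not Centmin Mod or acme.sh code): list what the acme.sh
# cron job will act on by reading each domain's .conf under the acme.sh home.

# Read KEY='value' from a conf file by parsing it. The file is never sourced,
# so nothing inside it is executed.
conf_get() {
  sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# Succeed if the crontab text on stdin has an uncommented acme.sh --cron entry.
has_acme_cron() {
  grep -v '^[[:space:]]*#' | grep -q 'acme\.sh.*--cron'
}

# Print "domain validation-method status" for each domain conf.
# $1 = acme.sh home, $2 = current time in epoch seconds.
list_acme_domains() {
  local conf domain method next status
  for conf in "$1"/*/*.conf; do
    [ -f "$conf" ] || continue
    domain=$(conf_get "$conf" Le_Domain)
    [ -n "$domain" ] || continue   # e.g. *.csr.conf has no Le_Domain
    method=$(conf_get "$conf" Le_Webroot)
    next=$(conf_get "$conf" Le_NextRenewTime)
    case "$next" in
      ''|*[!0-9]*) status=unknown ;;
      *) if [ "$next" -le "$2" ]; then status=due; else status=scheduled; fi ;;
    esac
    echo "$domain ${method:-unknown} $status"
  done
}

# Constructed sample home (not real server data), checked at epoch 1500.
demo() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/domain1.com" "$d/domain2.com_ecc"
  printf '%s\n' "Le_Domain='domain1.com'" "Le_NextRenewTime='2000'" \
    "Le_Webroot='/home/nginx/domains/domain1.com/public'" \
    > "$d/domain1.com/domain1.com.conf"
  printf '%s\n' "Le_Domain='domain2.com'" "Le_NextRenewTime='1000'" \
    "Le_Webroot='dns_cf'" > "$d/domain2.com_ecc/domain2.com.conf"
  list_acme_domains "$d" 1500
  rm -rf "$d"
}
demo
# On a server: crontab -l | has_acme_cron && list_acme_domains /root/.acme.sh "$(date +%s)"
```

A domain that stays "due" across several days indicates the cron entry is missing or the renewal is failing silently.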