WebFaction
Community site: login faq

I've installed an SSL cert created by LetsEncrypt with acme.sh. I've installed the cron job to renew the certificate. I did this on Feb 25. The certificate was due to expire in 90 days, on May 26.

When I look at the certificate files on disk, they have been created when I expect (30 days before the old one expired):

[@web597:~/.acme.sh/nedbatchelder.com] $ ls -al
total 28
-rw-r--r-- 1 nedbat nedbat 1647 Apr 26 00:58 ca.cer
-rw-r--r-- 1 nedbat nedbat 3481 Apr 26 00:58 fullchain.cer
-rw-r--r-- 1 nedbat nedbat 1834 Apr 26 00:58 nedbatchelder.com.cer
-rw-r--r-- 1 nedbat nedbat  539 Apr 26 00:58 nedbatchelder.com.conf
-rw-r--r-- 1 nedbat nedbat  989 Apr 26 00:58 nedbatchelder.com.csr
-rw-r--r-- 1 nedbat nedbat  216 Apr 26 00:58 nedbatchelder.com.csr.conf
-rw-r--r-- 1 nedbat nedbat 1675 Feb 25 12:58 nedbatchelder.com.key

When I examine the certificate file, it shows the expected new expiration date (in July):

[@web597:~/.acme.sh/nedbatchelder.com] $ openssl x509 -enddate -noout -in nedbatchelder.com.cer
notAfter=Jul 24 23:58:00 2017 GMT

When I look at my ssl-certificates page in the control panel, it says the certificate expires in May. If I edit the contents of the certificate, it looks like it has the same contents as the newly created certificate in my directory.

When I use an external tool to check the expiration date (https://www.sslshopper.com/ssl-checker.html#hostname=nedbatchelder.com), it shows the certificate will expire in May.

It seems like the control panel is showing me the contents of the files on disk, but those files have not actually been installed for use in the web server.

Is there some automated way to get the cron-renewed certificates used on the site?

asked 29 Apr, 13:30

Ned%20Batchelder's gravatar image

Ned Batchelder
283
accept rate: 100%

We've been working to integrate LetsEncrypt into the control panel (no ETA at this time). The cron should remind and generate the new certs, but it will not install them. For the time being that needs to be done manually.

(29 Apr, 22:31) NickR ♦♦ NickR's gravatar image

I ended up using the script from https://manikos.github.io/webfaction-letsencrypt-django to update the certs with the API.

(30 Apr, 12:30) Ned Batchelder Ned%20Batchelder's gravatar image
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×14

question asked: 29 Apr, 13:30

question was seen: 185 times

last updated: 30 Apr, 12:30

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2016 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM