Bug #3399

Let's Encrypt: certificates not renewed

Added by Giacomo Sanchietti about 2 years ago. Updated about 2 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:letsencrypt
Target version:v6.8-beta1
Security class: Resolution:
Affected version:v6.7 NEEDINFO:No

Description

Let's Encrypt certificates can't be renewed, since LE server has changed json output format: letsencrypt.sh client must be updated.

Output from LE script:

[root@zazo ~]# /usr/libexec/nethserver/letsencrypt-certs -v
/usr/sbin/letsencrypt.sh --cron --config /etc/letsencrypt.sh/config.sh -d zazo.snalis.org -d recuputil.saint-nazaire.cc -d repo.snalis.org -d saint-nazaire.cc -d snalis.org -d webmail.snalis.org

INFO: Using main config file /etc/letsencrypt.sh/config.sh
Processing zazo.snalis.org with alternative names: recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org
+ Checking domain name(s) of existing cert... changed!
+ Domain name(s) are not matching!
+ Names in old certificate: d3e.snalis.org initiativeslocales.saint-nazaire.cc lenoyau.org monnaie.saint-nazaire.cc recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org www.lenoyau.org zazo.snalis.org
+ Configured names: recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org zazo.snalis.org
+ Forcing renew.
+ Checking expire date of existing cert...
+ Valid till May 26 17:12:00 2016 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating signing request...
+ Requesting challenge for zazo.snalis.org...

Thanks to Crazyusb and Duntan.

See http://community.nethserver.org/t/solved-lets-encrypt-trouble-to-renew/3472 for the full problem description and a workaround.


Related issues

Copied to NethServer 6 - Bug #3420: Let's Encrypt: certificates not renewed CLOSED

History

#1 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.8-beta1
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Updated to latest upstream release, except for the configuration file which still is named config.sh (upstream changed it to config).

#4 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
In 6.8/nethserver-testing:
  • letsencrypt.sh-0.0.1-1.77.g0ce6edc.ns7.noarch.rpm

This is testable even on NS 6.7, install it using:

yum localinstall http://packages.nethserver.org/nethserver/6.8/testing/x86_64/Packages/letsencrypt.sh-0.0.1-1.77.g0ce6edc.ns7.noarch.rpm 

Test case 1
  • Install on a clean machine
  • Check the Let's Encrypt certificate is created for the first time
Test case 2
  • Update an existing machine
  • Execute the script, and check the certificate is renewed:
    /usr/libexec/nethserver/letsencrypt-certs -v
    

#5 Updated by Nicola Rauso about 2 years ago

  • Assignee set to Nicola Rauso

#6 Updated by Nicola Rauso about 2 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Nicola Rauso)
  • % Done changed from 70 to 20

Package installation doesn't execute database initialization.

#7 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#8 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#9 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
In nethserver-testing:
  • nethserver-letsencrypt-1.0.2-1.1.gcae54c2.ns6.noarch

#10 Updated by Massimo Palazzetti about 2 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

#11 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from TRIAGED to MODIFIED
  • % Done changed from 20 to 60

#12 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee set to Nicola Rauso
  • % Done changed from 60 to 70

#13 Updated by Nicola Rauso about 2 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Nicola Rauso)
  • % Done changed from 70 to 90

Tested: OK

#14 Updated by Giacomo Sanchietti about 2 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in 6.8/nethserver-base:
  • nethserver-letsencrypt-1.0.3-1.ns6.noarch.rpm
  • letsencrypt.sh-1.0.0-1.ns6.noarch.rpm

#15 Updated by Giacomo Sanchietti almost 2 years ago

  • Copied to Bug #3420: Let's Encrypt: certificates not renewed added

Also available in: Atom PDF