Bug #3399
Let's Encrypt: certificates not renewed
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | letsencrypt | |||
Target version: | v6.8-beta1 | |||
Security class: | Resolution: | |||
Affected version: | v6.7 | NEEDINFO: | No |
Description
Let's Encrypt certificates can't be renewed, since LE server has changed json output format: letsencrypt.sh client must be updated.
Output from LE script:
[root@zazo ~]# /usr/libexec/nethserver/letsencrypt-certs -v /usr/sbin/letsencrypt.sh --cron --config /etc/letsencrypt.sh/config.sh -d zazo.snalis.org -d recuputil.saint-nazaire.cc -d repo.snalis.org -d saint-nazaire.cc -d snalis.org -d webmail.snalis.org INFO: Using main config file /etc/letsencrypt.sh/config.sh Processing zazo.snalis.org with alternative names: recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org + Checking domain name(s) of existing cert... changed! + Domain name(s) are not matching! + Names in old certificate: d3e.snalis.org initiativeslocales.saint-nazaire.cc lenoyau.org monnaie.saint-nazaire.cc recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org www.lenoyau.org zazo.snalis.org + Configured names: recuputil.saint-nazaire.cc repo.snalis.org saint-nazaire.cc snalis.org webmail.snalis.org zazo.snalis.org + Forcing renew. + Checking expire date of existing cert... + Valid till May 26 17:12:00 2016 GMT (Less than 30 days). Renewing! + Signing domains... + Generating signing request... + Requesting challenge for zazo.snalis.org...
Thanks to Crazyusb and Duntan.
See http://community.nethserver.org/t/solved-lets-encrypt-trouble-to-renew/3472 for the full problem description and a workaround.
Related issues
History
#1 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.8-beta1
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Updated to latest upstream release, except for the configuration file which still is named config.sh
(upstream changed it to config
).
#4 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
In 6.8/nethserver-testing:
- letsencrypt.sh-0.0.1-1.77.g0ce6edc.ns7.noarch.rpm
This is testable even on NS 6.7, install it using:
yum localinstall http://packages.nethserver.org/nethserver/6.8/testing/x86_64/Packages/letsencrypt.sh-0.0.1-1.77.g0ce6edc.ns7.noarch.rpmTest case 1
- Install on a clean machine
- Check the Let's Encrypt certificate is created for the first time
- Update an existing machine
- Execute the script, and check the certificate is renewed:
/usr/libexec/nethserver/letsencrypt-certs -v
#5 Updated by Nicola Rauso about 5 years ago
- Assignee set to Nicola Rauso
#6 Updated by Nicola Rauso about 5 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Nicola Rauso) - % Done changed from 70 to 20
Package installation doesn't execute database initialization.
#7 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#8 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#9 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
In nethserver-testing:
- nethserver-letsencrypt-1.0.2-1.1.gcae54c2.ns6.noarch
#10 Updated by Massimo Palazzetti about 5 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
#11 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from TRIAGED to MODIFIED
- % Done changed from 20 to 60
#12 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from MODIFIED to ON_QA
- Assignee set to Nicola Rauso
- % Done changed from 60 to 70
#13 Updated by Nicola Rauso about 5 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Nicola Rauso) - % Done changed from 70 to 90
Tested: OK
#14 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in 6.8/nethserver-base:
- nethserver-letsencrypt-1.0.3-1.ns6.noarch.rpm
- letsencrypt.sh-1.0.0-1.ns6.noarch.rpm
#15 Updated by Giacomo Sanchietti almost 5 years ago
- Copied to Bug #3420: Let's Encrypt: certificates not renewed added