Renewing Let's Encr...
 
Notifications
Clear all

Renewing Let's Encrypt SSL certificate

8 Posts
3 Users
0 Likes
3,764 Views
Posts: 68
Topic starter
(@dolphyn5)
Estimable Member
Joined: 7 years ago
  • For a Let's Encrypt certificate, the SolidCP "Renew Certificate" button doesn't behave as expected. It pops up a "Generate CSR" screen instead of renewing the certificate. (I've found the "New Certificate" function works well in this case, but "Renew" would be more intuitive.)
  • The Certificate Info in SolidCP would be more useful if it showed the SSL provider (for example, Let's Encrypt)
  • (The following might not be a SolidCP issue, but seems relevant.) Many of our Let's Encrypt certificates have not auto-renewed as expected. This is the reason I'm noticing the "Renew" behavior. I'm not certain if these certificates were installed within SolidCP or some other way, but at minimum they had been imported into SolidCP.

Thanks!

7 Replies
Posts: 1964
Admin
(@m-tiggelaar)
Noble Member
Joined: 8 years ago

Hello,
First 2 issues i will check out and see what i can do (code lock is tomorrow so i don't think i can fix this before next release but atleast it can be fixed in the future).
Third: It should auto renew using the Letsencrypt win simple task in windows task management (outside of solidcp).
Only reason i am aware of when it doesn't work proper is when one of the bindings doesn't resolve anymore. (might be worth to check for sites that failed).
You can also manually check using the Letsencrypt win simple client included in the SolidCP ServerbinLetsEncrypt

Reply
Posts: 68
Topic starter
(@dolphyn5)
Estimable Member
Joined: 7 years ago

I checked the letsencrypt-win-simple scheduled task, and it was pointing to an old installation instead of the SolidCP one. I deleted the old task and I see that a new one appeared after I used SolidCP to install a new certificate on one of the sites.

Edit: I confirmed the updated scheduled task was able to renew at least one certificate that previously was failing to auto-renew. But SolidCP still displays the old expiration date for that certificate.

Thanks!

Reply
Posts: 68
Topic starter
(@dolphyn5)
Estimable Member
Joined: 7 years ago

I think the first two issues are still the same in SolidCP 1.4.2 (and they are low priority).

And as for the third, I think I found the reason I've had so many failing LetsEncrypt auto-renewals.
https://community.letsencrypt.org/t/automatic-renewal-not-working-on-w2012-iis-8-5/27838

Apparently the certificate information from SolidCP installs will be stored in
C:UsersAll Usersletsencrypt-win-simplehttpsacme-v01.api.letsencrypt.org
while the ones I install from command line are stored in
C:UsersAdministratorAppDataRoamingletsencrypt-win-simplehttpsacme-v01.api.letsencrypt.org

So, to get all certificates auto-renewing properly, apparently I need TWO letsecnrypt-win-simple scheduled tasks, one that runs under the system account and another that runs as my Administrator user.

(The SolidCP server user doesn't seem to have a Users folder, just goes under All Users?)

Thanks!

Reply
Posts: 1456
Admin
(@trobinson)
Noble Member
Joined: 8 years ago

Hello,

Your issue is due to the fact when we run letsencrypt.exe we use the command parameter --usedefaulttaskuser which causes it to use the default app data location.

If you have ran it manually then it would not use this and use the users appdata. To get this fixed then you should be able to remove the LE certificate and either run it using the above or from SolidCP.

Regards,

Trevor

Reply
Page 1 / 2
Share: