Netgate Discussion Forum

    The renewal of certificates does not take place

      tomasenskede @Gertjan

      @Gertjan

      /usr/local/etc/rc.d/haproxy,sh restart

      it's a comma

        Gertjan @tomasenskede

        @tomasenskede

        A file name that contains a comma.
        Never seen that before.

        Cut and paste is failing ?

        The "examples" use a dot :

        [image]

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          tomasenskede @Gertjan

          @Gertjan thanks, it's corrected now. But still, the cert isn't renewed... can this be the error?

            Gertjan @tomasenskede

            @tomasenskede

            When you activate a manual renewal, by hitting :

            [image]

            does it work ?
            If it didn't, at the end a log file is mentioned, that contains all the "why it didn't work" messages.
            The acme log file ^^

            Btw : don't hit that button too often !! You are not allowed to renew the cert several times (5 or so per week). Do it more often and you will be punished (renewal will fail).

              tomasenskede @Gertjan

              @Gertjan
              [image]

              Services / Acme / Certificates

              Renewing certificate
              ...
              [Sat Aug 17 11:47:27 CEST 2024] Cert success.
              update cert![Sat Aug 17 11:47:29 CEST 2024] Reload success

              [image]

              Success! So... why isn't this done automatically? What's the issue?

                Gertjan @tomasenskede

                @tomasenskede said in The renewal of certificates does not take place:

                What's the issue?

                I'll put my bet on : you are - or were - the issue 😊

                This :

                [image]

                to be read from bottom to top.
                The auto renewal cron job starts.
                It decides that it is time, as it compares the certificate end date minus the ( 90 days - your "Certificate renewal after" which is set to '60' ).
                If the period lasting is less than (90-60) = 30, then it is

                Its time to renew ""

                The issue was here

                [image]

                I presume that, since you set up two scripts to be executed upon end of renewal, and one of them, the one with a comma in the file name ( that's a good old syntax error ), everything failed. You probably did get the new certificate, but it wasn't written into the system as there was an error.

                To be sure all is well now, you don't have to wait for 60 days.
                The minimal LE grace period is 7 days or so, so set your "Certificate renewal after" to 10 days or so.
                Now, wait for ten days, and then see what happens.
                By 'see' I mean : inspect the main acme.sh log file, the /tmp/acme/[your-acme-account-name]/acme_issuecert.log
                I'm pretty sure this time you'll find your renewed cert under System > Certificates > Certificates and as you restart the webgui, you can inspect the certificate right away in your browser, and see the start and end date. The certificate serial number also changed.

                We'll meet up here over 10 days ? 😊

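The failure diagnosed in the post above (a post-renewal action whose script path had a comma where the dot belongs) can be caught before the next cron run with a pre-flight check of the configured commands. This is an added example, not part of the original posts or of the pfSense ACME package; `check_action`, `check_actions` and `demo` are hypothetical names, and the demo uses a stub script constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: verify that every post-renewal action command points at a
# program that actually exists and is executable.

# check_action CMDLINE
# Succeeds when the first word of CMDLINE is an executable regular file
# (absolute path) or a command resolvable through PATH.
check_action() {
    prog=${1%% *}                     # first word = program to run
    case $prog in
        /*) [ -f "$prog" ] && [ -x "$prog" ] ;;
        *)  command -v "$prog" >/dev/null 2>&1 ;;
    esac
}

# check_actions
# Reads one action command per line on stdin, reports each one, and returns
# the number of commands whose program is missing (0 = all good).
check_actions() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if check_action "$line"; then
            echo "ok:      $line"
        else
            echo "MISSING: $line"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# demo: constructed sample. A stub haproxy.sh is created in a temp dir and
# checked twice, once with the comma typo from the thread and once corrected.
demo() {
    dir=$(mktemp -d) || return 99
    printf '#!/bin/sh\nexit 0\n' > "$dir/haproxy.sh"
    chmod +x "$dir/haproxy.sh"
    rc=0
    check_actions <<EOF || rc=$?
$dir/haproxy,sh restart
$dir/haproxy.sh restart
EOF
    rm -rf "$dir"
    return "$rc"
}

failures=0
demo || failures=$?
echo "actions with a missing program: $failures"
```

On the firewall itself, feed `check_actions` the commands configured to run after renewal, one per line, instead of the constructed sample.
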
                  tomasenskede @Gertjan

                  Aug 17 11:47:29 php 23097 Acme, Running /usr/local/etc/rc.d/haproxy.sh restart
                  Aug 17 11:47:29 php 23097 Acme, Running /etc/rc.restart_webgui
                  Aug 17 11:47:27 php 23097 /usr/local/pkg/acme/acme_command.sh: Beginning configuration backup to https://acb.netgate.com/save
                  Aug 17 11:47:27 check_reload_status 439 Syncing firewall
                  Aug 17 11:47:27 php 23097 /usr/local/pkg/acme/acme_command.sh: Configuration Change: (system): Services: Acme: Storing signed certificate: domain.xyz
                  Aug 17 11:47:27 php 23097 Acme, storing new certificate: domain.xyz
                  Aug 17 11:47:21 php-fpm 58099 Acme, renewing certificate: domain.xyz
                  Aug 17 11:47:08 php-fpm 82902 /acme/acme_certificates_edit.php: Successful login for user 'admin' from: 192.168.1.53 (Local Database)

                    Gertjan @tomasenskede

                    @tomasenskede

                    Looks fine to me.

                      tomasenskede @Gertjan

                      @Gertjan said in The renewal of certificates does not take place:

                      @tomasenskede

                      Looks fine to me.

                      So, why didn't the auto update run? Will it run next time?

                        Gertjan @tomasenskede

                        @tomasenskede said in The renewal of certificates does not take place:

                        So, why didn't the auto update run

                        It did :

                        [image]

                        or was it you, at 03h16 AM (middle of the night for me) clicking on 'run' ?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.