21.7 Legacy Series / [SOLVED] ACME client does not auto renew LE certs anymore (30 days to invalid)
« on: November 30, 2021, 11:43:46 am »
Hey guys,
I am out of ideas how to fix or debug a problem I currently face with my acme client and LE cert setup. I have several LE certs, which were usually updated by the acme client automation in case they had 30 days or less until they would become invalid. But currently this process seems somehow broken, because acme client automation runs from cron like it's supposed to, but acme client does not renew those certs anymore and only reports to syslog:
Code:
AcmeClient: issue/renewal not required for certificate: *my-cert-name*
Regardless this cert is well below the usual 30 days according to system/trust:
Code:
Valid Until: Tue, 14 Dec 2021 22:05:28 +0100
I tried setting the debug level on the acme client, but this doesn't seem to affect the syslog behavior of the plugin. Forcefully renewing a cert does still work. So, I don't know where to look anymore. Did the 30 day threshold change? I would rather not test it by waiting till my cert expires.
Does anyone have a clue?
Thank you in advance, Steve
[SOLVED]
It has been fixed by freanki with these patches:
https://github.com/opnsense/plugins/issues/2721#issuecomment-1005589449
Thanks to everybody helping and freanki for fixing this!