Messages - 8UqCt6

#1
Hi folks, hope you're doing well!

I use the acme-client to issue Let's Encrypt certificates by using the DNS-01 challenge. This works very well except for the auto renewal. The certificates are not being renewed after the 60 days that I configured in the renewal interval setting.

From the logs I noticed that "acme.sh" runs the --issue command with --days '1' instead of the 60 days configured.

AcmeClient: The shell command returned exit code '0': '/usr/local/sbin/acme.sh --issue ... --days '1' ...

The certificate config file /var/etc/acme-client/cert-home/.../domain.tld/domain.tld.conf then contains:
Le_CertCreateTime='1747450986'
Le_CertCreateTimeStr='2025-05-17T03:03:06Z'
Le_RenewalDays='1'
Le_NextRenewTimeStr='2025-05-17T03:03:06Z'
Le_NextRenewTime='1747450986'

This leads to automatic renewals never running. After each cron job it logs:
AcmeClient: issue/renewal not required for certificate: domain.tld

Environment:
  • OPNsense 25.1.6_4-amd64
  • os-acme-client plugin version 4.9
  • "acme.sh" version 3.1.1

I created a GitHub issue (https://github.com/opnsense/plugins/issues/4711) with more detailed information, how to reproduce, log and config files; also tested the setup on another OPNsense instance but encountered the same problem.

Do you have any idea? Do you maybe experience the same behavior? Or on the other hand, do you not have this issue? Maybe I made a mistake somewhere else. Very happy about every comment.

Thank you very much in advance
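
A check for the symptom described in the post above, as an added example that is not part of the original post or of the os-acme-client plugin: it parses the `Le_*` fields of a `domain.tld.conf` and reports when the stored renewal interval does not match the configured one. The function names, the sample text (constructed from the fields quoted in the post) and the one-day tolerance are assumptions of this example.

```python
import re

# Constructed sample mirroring the fields quoted in the post above.
SAMPLE_CONF = """\
Le_CertCreateTime='1747450986'
Le_CertCreateTimeStr='2025-05-17T03:03:06Z'
Le_RenewalDays='1'
Le_NextRenewTimeStr='2025-05-17T03:03:06Z'
Le_NextRenewTime='1747450986'
"""

_LINE = re.compile(r"^(Le_\w+)='(.*)'$")
_REQUIRED = ("Le_CertCreateTime", "Le_RenewalDays", "Le_NextRenewTime")


def parse_conf(text):
    """Parse KEY='value' lines of a certificate config file into a dict."""
    fields = {}
    for line in text.splitlines():
        match = _LINE.match(line.strip())
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def audit_renewal(text, expected_days, tolerance_days=1):
    """Return a list of findings; an empty list means the file looks consistent."""
    fields = parse_conf(text)
    findings = [f"{key} missing or not numeric"
                for key in _REQUIRED if not fields.get(key, "").isdigit()]
    if findings:
        return findings
    days = int(fields["Le_RenewalDays"])
    if days != expected_days:
        findings.append(f"Le_RenewalDays is {days}, expected {expected_days}")
    # Gap between issuance and scheduled renewal, in whole days.
    gap_days = (int(fields["Le_NextRenewTime"]) - int(fields["Le_CertCreateTime"])) // 86400
    # tolerance_days is an assumption of this example, not a documented acme.sh rule.
    if abs(gap_days - expected_days) > tolerance_days:
        findings.append(f"next renewal is {gap_days} day(s) after issuance, "
                        f"expected about {expected_days}")
    return findings


if __name__ == "__main__":
    for finding in audit_renewal(SAMPLE_CONF, expected_days=60):
        print("WARN:", finding)
```

Run against each certificate's config file after the cron job, this flags a mismatched interval on the day it is written rather than when the certificate is close to expiry.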