acme-client renewal interval setting ignored; automatic renewals never run

Started by 8UqCt6, May 18, 2025, 04:01:35 PM

Hi folks, hope you're doing well!

I use the acme-client to issue Let's Encrypt certificates using the DNS-01 challenge. This works very well except for the auto renewal. The certificates are not being renewed after the 60 days that I configured in the renewal interval setting.

From the logs I noticed that "acme.sh" runs the --issue command with --days '1' instead of the 60 days configured.

AcmeClient: The shell command returned exit code '0': '/usr/local/sbin/acme.sh --issue ... --days '1' ...

The certificate config file /var/etc/acme-client/cert-home/.../domain.tld/domain.tld.conf then contains:
Le_CertCreateTime='1747450986'
Le_CertCreateTimeStr='2025-05-17T03:03:06Z'
Le_RenewalDays='1'
Le_NextRenewTimeStr='2025-05-17T03:03:06Z'
Le_NextRenewTime='1747450986'

This leads to automatic renewals never running. After each cron job it logs:
AcmeClient: issue/renewal not required for certificate: domain.tld

Environment:
  • OPNsense 25.1.6_4-amd64
  • os-acme-client plugin version 4.9
  • "acme.sh" version 3.1.1

I created a GitHub issue (https://github.com/opnsense/plugins/issues/4711) with more detailed information, how to reproduce, log and config files; also tested the setup on another OPNsense instance but encountered the same problem.

Do you have any idea? Do you maybe experience the same behavior? Or on the other hand, do you not have this issue? Maybe I made a mistake somewhere else. Very happy about every comment.

Thank you very much in advance
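
A check that could be run against the domain.tld.conf values quoted in the post above, as an added example that is not part of the original post or of the plugin's code: it parses the Le_* lines and reports where the recorded renewal schedule disagrees with the interval the operator configured. The function names are hypothetical, and the expected value of 60 days is taken from the post's description.

```python
import re
from datetime import datetime, timezone

# Values quoted in the post above (acme.sh domain.tld.conf excerpt).
POSTED_CONF = """\
Le_CertCreateTime='1747450986'
Le_CertCreateTimeStr='2025-05-17T03:03:06Z'
Le_RenewalDays='1'
Le_NextRenewTimeStr='2025-05-17T03:03:06Z'
Le_NextRenewTime='1747450986'
"""

_LINE = re.compile(r"^(Le_\w+)='(.*)'$")


def parse_conf(text):
    """Collect the Le_* KEY='value' pairs; other lines are ignored."""
    pairs = (_LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}


def audit(conf, expected_days):
    """Return findings where the recorded schedule disagrees with expected_days."""
    findings = []
    try:
        created = int(conf["Le_CertCreateTime"])
        next_renew = int(conf["Le_NextRenewTime"])
        recorded = int(conf["Le_RenewalDays"])
    except (KeyError, ValueError) as exc:
        return [f"missing or non-numeric field: {exc}"]
    if recorded != expected_days:
        findings.append(f"Le_RenewalDays={recorded}, configured {expected_days}")
    if next_renew <= created:
        findings.append("Le_NextRenewTime is not later than Le_CertCreateTime")
    # The human-readable *Str fields, when present, should match the epochs.
    for key, epoch in (("Le_CertCreateTime", created), ("Le_NextRenewTime", next_renew)):
        iso = datetime.fromtimestamp(epoch, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        if conf.get(key + "Str", iso) != iso:
            findings.append(f"{key}Str does not match {key}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_conf(POSTED_CONF), expected_days=60):
        print("WARN:", finding)
```

Run on a schedule against each certificate's conf file, a non-empty result is a signal to investigate before the certificate approaches expiry.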