ACME Client certificate not automatically renewing.

Started by Matthew_Kent, Today at 10:51:28 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 10:51:28 AM
Hi,

I have the ACME client installed, using a locally hosted CA (smallstep), the cert is renewed successfully if I manually refresh, but never triggers to automatically renew. The logs read that renewal is not required, although there is less than 1 day remaining on my cert.

Any help / pointers greatly appreciated

Cert Expiry:
Code Select
Validity
Not Before
Fri, 20 Mar 2026 09:53:13 GMT
Not After
Fri, 24 Apr 2026 09:54:13 GMT
Manual refresh - OK:
Code Select
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Installing full chain to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/fullchain.pem
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Installing key to: /var/etc/acme-client/keys/691b0b09b8ce58.18644849/private.key
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Installing CA to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/chain.pem
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Installing cert to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/cert.pem
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] And the full-chain cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/fullchain.cer
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] The intermediate CA cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/ca.cer
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Your cert key is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/opnsense.mpkc.local.key
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Your cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/opnsense.mpkc.local.cer
2026-03-20T09:54:14
acme.sh
[Fri Mar 20 09:54:14 GMT 2026] Cert success.
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Le_LinkCert='https://ca.mpkc.local/acme/acme/certificate/88gNu3LXl0Rw34e3zQ8TEssh92BMXQzP'
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Downloading cert.
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Le_OrderFinalize='https://ca.mpkc.local/acme/acme/order/pO5gl8eJAgmjIz3t1GebzGEKEpAiI3ii/finalize'
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Let's finalize the order.
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Verification finished, beginning signing.
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Success
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Verifying: opnsense.mpkc.local
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Getting webroot for domain='opnsense.mpkc.local'
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Single domain='opnsense.mpkc.local'
2026-03-20T09:54:13
acme.sh
[Fri Mar 20 09:54:13 GMT 2026] Using CA: https://ca.mpkc.local/acme/acme/directory
ACMEClient says "Not Required":
Code Select
2026-04-23T04:12:00
opnsense
AcmeClient: issue/renewal not required for certificate: opnsense.mpkc.local
2026-04-22T04:12:00
opnsense
AcmeClient: issue/renewal not required for certificate: opnsense.mpkc.local
2026-04-21T04:12:00
Print
Go Up Pages1
User actions