Hi All,

On 10/13/2018 12:43 PM, Colin Jack wrote:
Yes - it is weird because they are all set to auto renew and used to auto renew.
Only recently they have stopped, but renew manually fine.

Yeah, the LetsEncrypt functionality is a neat convenience to get free HTTPS, but unfortunately it sometimes follows the old adage "you get what you pay for." I've seen this with different implementations of LE, as well, not just BlueOnyx. cPanel implementations can be buggy, and the error messages are often either confusing or obfuscating.

My advice: is it a critical site that's making money? Pay the few bucks for a commercial cert. Free is great, but my customers don't want to hear about "well, this didn't cost anything" when the site is broken.

This isn't to say that LE certs don't have their place. We're using them in some situations. I've found 2 recurring issues with LE certs on BlueOnyx to be our main antagonists:

#1: On 5208R, renewing the certificate for the server (main hostname) that runs mail and Admserv GUI will often fail both automated and manual because when the CA attempts to fetch the /well-known/pki-validation file it will look to the first VSITE in the httpd.conf file. The only "fix" is to comment out all the vsites at the bottom of httpd.conf, restart httpd, request the renewal, then un-comment the vsites and restart httpd again.

#2: On a VSITE, a failure to confirm the .well-known/pki-validation or a DNS problem. In these cases, the error message that prints to the GUI isn't often very helpful and it's better to watch /var/log/messages to see what comes of that. If you know when the automated process failed you can go back in time in the logs to see if there's an explanation. If the failure is occurring as you manually renew, then watch the log in real-time using:

    tail -f /var/log/messages | grep "encrypt"

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
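
Added example (not part of the original message and not BlueOnyx code): one way to "go back in time" in a syslog-format file for the day an automated renewal failed, as described in #2 above. The function names, the failure keywords and the sample log lines are assumptions constructed for illustration; real messages on a BlueOnyx box will differ.

```shell
#!/bin/sh
# Look back through a syslog-format log for Let's Encrypt activity on one day.
# Everything below is illustrative; adjust the keywords to what your log shows.

# le_log_day FILE "Mon DD"
# Prints lines from that day that mention "encrypt" (case-insensitive).
# Syslog pads single-digit days with a space ("Oct  3"), so the date is
# always the first 6 characters of the line.
le_log_day() {
    awk -v day="$2" 'substr($0, 1, 6) == day && tolower($0) ~ /encrypt/' "$1"
}

# le_log_failures FILE "Mon DD"
# Narrows le_log_day to lines that look like errors. The keyword list is an
# assumption, not a list of messages BlueOnyx is known to emit.
le_log_failures() {
    le_log_day "$1" "$2" | grep -Ei 'fail|error|invalid|timeout|nxdomain' || true
}

# Constructed sample log (not real BlueOnyx output), so the example runs offline.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Oct 12 03:10:01 host1 letsencrypt: renewal check started for www.example.com
Oct 12 03:10:09 host1 letsencrypt: certificate renewed for www.example.com
Oct 13 03:10:01 host1 letsencrypt: renewal check started for www.example.com
Oct 13 03:10:07 host1 letsencrypt: validation failed for www.example.com: DNS problem
Oct 13 03:11:00 host1 sshd[2211]: Accepted publickey for admin
EOF

echo "All Let's Encrypt lines on Oct 13:"
le_log_day "$SAMPLE_LOG" "Oct 13"
echo "Failures only:"
le_log_failures "$SAMPLE_LOG" "Oct 13"
```

On a live server, pass /var/log/messages (or a rotated copy of it) as the first argument in place of the sample file.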
