Hi Brent and Colin, > We've been seeing consistent SSL auto-renew failures with some of our > vsites on 5209R. There are no entries for the sites with expired certs > in the letsencrypt log or any of the archived logs, so it appears that > the attempt is not even being made for these sites. When renewed by > hand in the BX GUI, the sites renew without error.
I can confirm the problems. The GUI renewal works, but the cronjob just craps out for one reason or other. No, it's not PHP related, as the expiry time calculation is done via a Perl-Script in the cronjob itself. That script reads the expiry date from the actual certificate and compares it with the specified validity set for that cert in the GUI (default: 60 days). If the cert then is due to expire within the next 30 days (or already expired) it ought to trigger the renewal. Which it sometimes doesn't. Or the cronjob gets stuck, doesn't fire or the bloody Python script from LE itself (LE Certbot) craps out. I've had it up to the chin with that bloody Python contraption from LE itself. Python is just plain and simply hipster-shit. The other day I replaced a 500 line Python script (with exotic dependencies that would only work on Python 2.7!) with a Perl script of five lines. So ... the LE renewal stuff will be thrown out within the next three days and it gets replaced with something simpler that just works. Without exotic dependencies. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx