I have a slight problem, I have removed a sub domain from siteworx. the domain had a letsencript certificate and this has been also removed.
Checking my logs I have noticed that even though the domain and certificate does not exist, the certificate for the removed domain is still trying to be renewed by Letsencript.
How can I remove all references to the domains certificate to stop letsencript trying to renew it, were is the information stored that Letsencript uses to try and renew.
Apr 23 13:10:12 serv cst2[2036]: Client certificate expires at Feb 21 10:08:20, attempting to renew
Apr 23 13:10:12 serv cst2[2036]: Requesting new client certificate
Apr 23 13:10:24 serv cst2[2036]: Unable to generate new certificate
Apr 23 13:10:26 serv cst2[2036]: Checking for tools update
Apr 23 13:10:26 serv cst2[2036]: Unable to check for update
Apr 23 13:11:26 serv cst2[2036]: Client certificate expires at Feb 21 10:08:20, attempting to renew
Apr 23 13:11:26 serv cst2[2036]: Requesting new client certificate
Apr 23 13:11:26 serv cst2[2036]: Unable to generate new certificate
Apr 23 13:12:26 serv cst2[2036]: Checking for tools update
Apr 23 13:12:27 serv cst2[2036]: Unable to check for update
Sorry thinking about this, and if you mean a sub domain and not secondary, I would think the error is correct if you did not regenerate the LE cert once sub domain deleted.
This is because the LE cert is fixed at the point of first generation of cert with domain/subdomains
eg mydomain.url www.mydomain.url ftp.mydomain.url subdomain.mydoamin.url - generate LE cert
auto renew now attempts using this
delete subdomain.mydomain.url from siteworx
this does not delete the subdomain.mydomain.url from the LE cert
autorenew now should fail (I believe in full and not renew LE cert)
if you manually generate LE cert using mydomain.url www.mydomain.url ftp.mydomain.url then the autorenew would complete without failures
This is the same behaviour in reverse if you create a new subdomain from siteworx but not manually generate a new LE cert - so the subdomain is not covered by an LE SSL until LE cert is manually generated and subdomain also selected
I am not sure if this is the best way but it is how I believe IW LE works, and I believe LE wildcard has changed so not sure if LE wildcard could be added
I hope that helps a little and sorry if I am wrong
[LEFT]Sorry John i made an error
i ment secondary domain, i removed a secondary domain that had a Le cert on it, now Letsencript is trying to renew the cert even though the secondary domain does not excist
Trying to find what triggers the LE Cert renewal and hopeful stop it from trying to renew something thats not there.
Thank you for your reply and time[/LEFT]
Many thanks, I did wonder if it were a secondary domain
I would test first by creating the same secondary domain, then generate using LE SSL, then edit all elements of the SSL (keys, chain etc) and delete them (edit and delete)
Then delete the secondary
Does this then stop the LE SSL auto renew error
I would also open a support with IW so they can have a look to see what’s gone wrong or needs bug fixing
its all got a little confusing but yes i did notice when the cert and secondary was deleted then it left those folders, i did manually delete them my self.
Jenna from support found the issue in the end, it was not related to the domain LE Cert but to another certificate something to do with iomart CloudsureTools Controller.
Contacting iomart this is used for server provisioning to install the OS and networking.It is also used for any OS reinstallation requests from the customer.
Iomart developers are looking into the cert issue.
My confusion was that originally the secondary domain cert expired in Febuary and also the iomart cert expired in febuary, not being aware of the iomart cert i thought the issue was with the siteworx LE Cert.
Thank you for your time and as usual Jemma outstanding support
