Announcement

Collapse
No announcement yet.

Letsencript removed domain renewal issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Letsencript removed domain renewal issue

    I have a slight problem, I have removed a sub domain from siteworx. the domain had a letsencript certificate and this has been also removed.

    Checking my logs I have noticed that even though the domain and certificate does not exist, the certificate for the removed domain is still trying to be renewed by Letsencript.
    How can I remove all references to the domains certificate to stop letsencript trying to renew it, were is the information stored that Letsencript uses to try and renew.

    Code:
    Apr 23 13:10:12 serv cst2[2036]: Client certificate expires at Feb 21 10:08:20, attempting to renew
    
    Apr 23 13:10:12 serv cst2[2036]: Requesting new client certificate
    
    Apr 23 13:10:24 serv cst2[2036]: Unable to generate new certificate
    
    Apr 23 13:10:26 serv cst2[2036]: Checking for tools update
    
    Apr 23 13:10:26 serv cst2[2036]: Unable to check for update
    
    Apr 23 13:11:26 serv cst2[2036]: Client certificate expires at Feb 21 10:08:20, attempting to renew
    
    Apr 23 13:11:26 serv cst2[2036]: Requesting new client certificate
    
    Apr 23 13:11:26 serv cst2[2036]: Unable to generate new certificate
    
    Apr 23 13:12:26 serv cst2[2036]: Checking for tools update
    
    Apr 23 13:12:27 serv cst2[2036]: Unable to check for update
    
     
    Gary T

  • #2
    Hi Bear

    good question and I am not sure myself sorry

    If you generate a new LE cert using primary domain, does this then stop the sub domain from trying to renew

    Many thanks and stay safe

    John

    Comment


    • #3
      The primary has already got a cert on it but I could try generating it again or even adding the sub domain back again.
      Gary T

      Comment


      • #4
        Hi Bear

        Sorry thinking about this, and if you mean a sub domain and not secondary, I would think the error is correct if you did not regenerate the LE cert once sub domain deleted.

        This is because the LE cert is fixed at the point of first generation of cert with domain/subdomains

        eg mydomain.url www.mydomain.url ftp.mydomain.url subdomain.mydoamin.url - generate LE cert

        auto renew now attempts using this

        delete subdomain.mydomain.url from siteworx

        this does not delete the subdomain.mydomain.url from the LE cert

        autorenew now should fail (I believe in full and not renew LE cert)

        if you manually generate LE cert using mydomain.url www.mydomain.url ftp.mydomain.url then the autorenew would complete without failures

        This is the same behaviour in reverse if you create a new subdomain from siteworx but not manually generate a new LE cert - so the subdomain is not covered by an LE SSL until LE cert is manually generated and subdomain also selected

        I am not sure if this is the best way but it is how I believe IW LE works, and I believe LE wildcard has changed so not sure if LE wildcard could be added

        I hope that helps a little and sorry if I am wrong

        Many thanks and stay safe

        John

        Comment


        • #5
          Sorry John i made an error
          i ment secondary domain, i removed a secondary domain that had a Le cert on it, now Letsencript is trying to renew the cert even though the secondary domain does not excist
          Trying to find what triggers the LE Cert renewal and hopeful stop it from trying to renew something thats not there.
          Thank you for your reply and time
          Gary T

          Comment


          • #6
            Hi Bear

            Many thanks, I did wonder if it were a secondary domain

            I would test first by creating the same secondary domain, then generate using LE SSL, then edit all elements of the SSL (keys, chain etc) and delete them (edit and delete)

            Then delete the secondary

            Does this then stop the LE SSL auto renew error

            I would also open a support with IW so they can have a look to see what's gone wrong or needs bug fixing

            Many thanks and stay safe

            John

            Comment


            • #7
              Hi Bear

              Sorry, please ignore my last post and could you check the following and confirm if this resolves the issues

              SSH into your server and chekc the following folder

              /etc/letsencrypt/renewal

              Is the secondary domain listed

              If so, delete the secondary domain

              Does this then stop the renewal error for LE on a non existent domain

              I believe it would and if so, IW just need ot ensure it is delete from this folder upon domain deletion

              Many thanks and stay safe

              John

              Comment


              • #8
                its all got a little confusing but yes i did notice when the cert and secondary was deleted then it left those folders, i did manually delete them my self.
                Jenna from support found the issue in the end, it was not related to the domain LE Cert but to another certificate something to do with iomart CloudsureTools Controller.
                Contacting iomart this is used for server provisioning to install the OS and networking.It is also used for any OS reinstallation requests from the customer.
                Iomart developers are looking into the cert issue.
                My confusion was that originally the secondary domain cert expired in Febuary and also the iomart cert expired in febuary, not being aware of the iomart cert i thought the issue was with the siteworx LE Cert.
                Thank you for your time and as usual Jemma outstanding support :)


                Gary T

                Comment


                • #9
                  Hi Bear

                  Many thanks for the update

                  Kudos to IW-Jenna and IW Support

                  Many thanks and stay safe

                  John

                  Comment

                  Working...
                  X