Old .bak vhost files after SiteWorx account deleted

Just wondering if this is by design or just not coded into the cleanup on SiteWorx account deletion.

Also, the LetsEncrypt seems to not be updated by deleting SiteWorx account and you get failures when it tries to renew a site that doesn’t exist anymore.

Hi justec

I hope you're well

The first question I would consider an oversight

The second I am not sure if LE allow deletion on a cert which would expire. I could be wrong though as if it did and the site hosted elsewhere then tried for LE it may fail until perhaps

The above though are my thoughts only

Many thanks

John

Hello–

I asked the devs and it looks like cleaning up the .bak files just slipped through the cracks. I’ll make a feature request to remove them when an account is deleted, though no ETA.

Can you expand on this a bit: “the LetsEncrypt seems to not be updated by deleting SiteWorx account and you get failures when it tries to renew a site that doesn’t exist anymore”

It sounds like you are saying that you deleted the SiteWorx account and expected the LE cert to still be renewed. If that is the case, Let’s Encrypt requires that the domain resolve to the server the cert is being created on. So, if the domain no longer exists on the server, LE will not be able to create or renew that cert.

If that is not what you are describing, if you could reword or expand, that would be really helpful.

Thanks
-Jenna
Friendly Neighborhood InterWorx Support Manager

Thanks Jenna, definitely not a big deal with files so small, but always nice to keep things tidy if you can.

For LetsEncrypt I think it’s something similar to the .bak files.
Under the /etc/letsencrypt/renewal folder there were conf files for sites that had been deleted.

I noticed them when checking messages log and saw failed renewals for sites that I knew no longer existed.

Hello–

What version of InterWorx are you running?

Thanks,
-Jenna

Hi

I thought justec was meaning the email notifications from LE to let you know cert would expire

Many thanks

John

I’m on InterWorx-CP v7.12.6

John, yeah, I read it back and see it was not as clear as I thought. Hopefully it’s more clear now 🙂

Hello–

So I talked to a dev and here are a few things:

  • Correct that .conf files in /etc/letsencrypt/renewal stick around for deleted SW accounts. It is unclear why this is the case, so I made a feature request to clean them up

  • However, in the past, the existence of these files should not have triggered renewal requests. In former versions, LE SSL generation was controlled by snapd. We changed this in 7.12.x to use AcmePHP, instead, since we discovered that snapd was not compatible with CloudLinux. We left snapd installed on servers, though, since some servers may be using it for other things. Snapd has its own renewal counter, which we disabled, before. But it seems the switch to AcmePHP may have re-enabled it, which is calling for renewals for domains that don’t exist. I created a ticket to evaluate how to resolve this

  • AcmePHP behaves differently, though. For that, there is just a file for each domain under /etc/acmephp that is a .yml file. Those are cleaned up when an account is deleted.

Before deleting leupgradetest on a 7.12.6 server:

[root@leremovetest ~]# ls -la /etc/acmephp/
total 20
drwx------    5 iworx iworx  133 Feb  9 17:12 .
drwxr-xr-x. 112 root  root  8192 Feb  9 17:14 ..
drwxr-xr-x    2 iworx iworx   51 Feb  9 17:11 account
drwxr-xr-x    4 iworx iworx   86 Feb  9 17:12 certs
-rw-r--r--    1 iworx iworx  198 Feb  9 17:12 leremovetest.jenna.iwx.io.yml
-rw-r--r--    1 iworx iworx  393 Feb  9 17:11 leupgradetest.leremovetest.jenna.iwx.io.yml
drwxr-xr-x    4 iworx iworx   86 Feb  9 17:12 var
[root@leremovetest ~]#

After deleting leupgradetest:

[root@leremovetest ~]# ls -la /etc/acmephp/
total 16
drwx------    5 iworx iworx   82 Feb  9 17:17 .
drwxr-xr-x. 112 root  root  8192 Feb  9 17:17 ..
drwxr-xr-x    2 iworx iworx   51 Feb  9 17:11 account
drwxr-xr-x    4 iworx iworx   86 Feb  9 17:12 certs
-rw-r--r--    1 iworx iworx  198 Feb  9 17:12 leremovetest.jenna.iwx.io.yml
drwxr-xr-x    4 iworx iworx   86 Feb  9 17:12 var
[root@leremovetest ~]#

The file did still remain in /etc/letsencrypt/renewal, though:


[root@leremovetest ~]# ls -la /etc/letsencrypt/renewal
total 8
drwx------ 2 iworx iworx 110 Feb  9 17:06 .
drwx------ 9 iworx iworx 108 Feb  9 17:08 ..
-rw------- 1 iworx iworx 845 Feb  9 17:04 lecleanuptest.leremovetest.jenna.iwx.io.conf
-rw------- 1 iworx iworx 951 Feb  9 17:06 leupgradetest.leremovetest.jenna.iwx.io.conf
[root@leremovetest ~]#

When your server was upgraded to 7.12.x, your certs were converted to AcmePHP. We did not remove /etc/letsencrypt when this occurred, in case some certs could not be converted for some reason.

So any domains that are deleted from now on, their .yml files will be cleaned up in /etc/acmephp. Existing domains will still exist for now in /etc/letsencrypt/renewal, though, but again, ticket to look into that. You can clean them up manually, if you want, though, that won’t negatively affect anything, since the domain no longer exists. Newly created domains will only have entries in /etc/acmephp so that won’t be a concern at all for them.

Let me know if you have any questions. It’s been a really long day, so I may have missed something/not explained really well. 🙂

Thanks
-Jenna


Jenna, appreciate you taking the time to break this into such detail.

I did start clearing some out from the renewal folder manually, but based on what you said:

“However, in the past, the existence of these files should not have triggered renewal requests.”

I decided to check the Live folder and I see them in here too, so maybe this is why the renewal was triggered. I assume I can delete the folder and all contents for the domains that no longer exist from Live?

Also, did your test remove the domain from the live folder? Maybe my live folder issue is just something with the in place upgrade and future deletions would clear the live folder out.

Hello–

Yes, the old account certs still exist in the /etc/letsencrypt/live folder, as well. There wasn’t anything in place to clean up files in /etc/letsencrypt for deleted SW accounts.

Thanks,
-Jenna
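
An added example, not part of the thread and not InterWorx code: a read-only audit for the manual cleanup discussed above, listing names that still have a renewal .conf or a live directory under /etc/letsencrypt but no matching .yml in /etc/acmephp. It assumes a missing .yml means the domain was deleted; the function names and sample tree are constructed, and the archive check assumes the tree follows Certbot's usual layout.

```bash
#!/usr/bin/env bash
# Added example: read-only audit, deletes nothing.
# Assumption: a name with no /etc/acmephp/<name>.yml is no longer managed by
# AcmePHP. Certs that could not be converted during the 7.12.x upgrade would
# also match, so review the output before removing anything by hand.

find_stale_le() {
    local le_dir="${1:-/etc/letsencrypt}" acme_dir="${2:-/etc/acmephp}"
    local path name sub left
    for path in "$le_dir"/renewal/*.conf "$le_dir"/live/*/; do
        [ -e "$path" ] || continue              # unmatched glob stays literal
        name="$(basename "$path" .conf)"
        if [ -e "$acme_dir/$name.yml" ]; then   # still has an AcmePHP entry
            continue
        fi
        left=""
        if [ -f "$le_dir/renewal/$name.conf" ]; then left="renewal"; fi
        for sub in live archive; do             # archive: assumed Certbot layout
            if [ -d "$le_dir/$sub/$name" ]; then left="${left:+$left,}$sub"; fi
        done
        printf '%s\t%s\n' "$name" "$left"       # name, then what is left behind
    done | sort -u
}

# Constructed sample tree mirroring the directory listings in the thread;
# the live/ directory for leupgradetest is an assumption for the demo.
make_sample_tree() {
    local root="$1" d
    mkdir -p "$root/letsencrypt/renewal" "$root/letsencrypt/live" "$root/acmephp"
    for d in lecleanuptest leupgradetest; do
        touch "$root/letsencrypt/renewal/$d.leremovetest.jenna.iwx.io.conf"
    done
    mkdir -p "$root/letsencrypt/live/leupgradetest.leremovetest.jenna.iwx.io"
    touch "$root/acmephp/leremovetest.jenna.iwx.io.yml"
}

# Demo run against the sample tree; on a server call find_stale_le with no
# arguments to use /etc/letsencrypt and /etc/acmephp.
tmp="$(mktemp -d)"
make_sample_tree "$tmp"
find_stale_le "$tmp/letsencrypt" "$tmp/acmephp"
rm -rf "$tmp"
```

Each output line is a name followed by the leftovers found for it (renewal, live, archive), which makes it easy to see where old certificate and key material for a removed site is still on disk.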