Letsencrypt not renewing automatically on 1 account

Richard G

Has something changed on the LE renewal period?
Normally the certs were valid for 90 days and would be renewed after approx. 60 days.

Last time, a customer's SSL certificate was not renewed automatically, so I had to do it manually. I do not have AutoSSL set up for this domain, but that should not be necessary.

Now I'm looking again and the cert is valid until May 30th and we are 2 weeks from that date, so it should have already been renewed way before this date.

Checking DA it says:
Let's Encrypt in use. Auto-renewal in 0 Days.

So one should expect that it would be renewed today, but I think it has already been at 0 days for a longer time.
Retries are also still good: Remaining Retries 17

So what could be going on here? Why was the renewal not triggered at the beginning of this month, as should normally be done?
 
I noticed I have a few doing this as well. I never dug deeper since I was debugging another error (stale SOA/NS records in local resolver cache).
 
Hi, the default value for when certificates are renewed was changed almost a year ago, see the 1.677 changelog. The current default value is 17 days before the certificate's expiry time.

You can check the current value on your server:
Code:
# da config-get letsencrypt_renew_before_expiry_days
17

Let's Encrypt in use. Auto-renewal in 0 Days.
In your situation, it seems like the certificate should be renewed within the next 24 hours.

If it does not renew, you can check the acme-lego output here:
Code:
cat /usr/local/directadmin/data/users/USERNAME/domains/acme_provider_cert_logs/DOMAIN.log
and/or run renewal manually and look for possible issues:
Code:
da taskq --debug=1 --run="action=rewrite&value=letsencrypt&domain=DOMAIN"
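
An added example, not part of the thread or of DirectAdmin's own code: a small check that applies the 17-day renewal threshold quoted above to a certificate's notAfter date (in the format printed by `openssl x509 -enddate -noout`) and flags a certificate that has sat inside the renewal window without being renewed. The function names, the 2-day grace period and the sample dates are assumptions made for illustration.

```python
import math
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 17  # letsencrypt_renew_before_expiry_days value shown in the thread
GRACE_DAYS = 2          # assumption: tolerated delay once the renewal window is open


def parse_not_after(line):
    """Parse 'notAfter=May 30 12:00:00 2025 GMT' into an aware UTC datetime."""
    value = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def renewal_status(not_after, now, renew_before=RENEW_BEFORE_DAYS, grace=GRACE_DAYS):
    """Return (state, whole days until the renewal window opens; 0 once open)."""
    days_left = (not_after - now).total_seconds() / 86400
    until_window = days_left - renew_before
    if days_left <= 0:
        return ("expired", 0)
    if until_window > 0:
        return ("waiting", math.ceil(until_window))
    if -until_window > grace:
        # Window has been open longer than the grace period: read the renewal log.
        return ("stuck", 0)
    return ("due", 0)


if __name__ == "__main__":
    # Constructed sample data: (domain, openssl -enddate line, "current" time).
    samples = [
        ("a.example", "notAfter=May 30 12:00:00 2025 GMT",
         datetime(2025, 5, 1, 12, tzinfo=timezone.utc)),
        ("b.example", "notAfter=May 30 12:00:00 2025 GMT",
         datetime(2025, 5, 13, 12, tzinfo=timezone.utc)),
        ("c.example", "notAfter=May 30 12:00:00 2025 GMT",
         datetime(2025, 5, 16, 12, tzinfo=timezone.utc)),
    ]
    for domain, line, now in samples:
        state, days = renewal_status(parse_not_after(line), now)
        print(f"{domain}: {state}, renewal window opens in {days} day(s)")
```

Feed `parse_not_after` the line printed by `openssl x509 -enddate -noout -in CERTFILE` (CERTFILE is a placeholder); a "stuck" result is the cue to read the acme-lego log mentioned above.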
 