Problem renewing letsencrypt certificates (just doesn't even try) #1135

Open
simonatackatbris opened this issue May 8, 2023 · 3 comments

@simonatackatbris

Describe the bug
Upgraded from froxlor 0.10.x in mid-March. This was also a new server. The process was: create new server, shut down old system, sync files and copy database to new machine. Installed the froxlor deb package, did update steps, changed PHP version etc. All been working OK for the last few months.

I have a few 'dead' domains that need removing, but are deactivated.

I haven't had any letsencrypt auto update since the update. I currently have many (>20) that are expired, including the panel vhost.

I run

root@froxlor:/var/www/html# /var/www/html/froxlor/bin/froxlor-cli froxlor:cron 'letsencrypt' -d -vvv

Checking froxlor file permissions...OK
Running "letsencrypt" job (debug)
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Mon May  8 19:52:37 BST 2023] Already uptodate!
[Mon May  8 19:52:37 BST 2023] Upgrade success!
[Mon May  8 19:52:38 BST 2023] Installing cron job
24 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Mon May  8 19:52:38 BST 2023] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[information] No new certificates or certificate updates found
[notice] Checking system's last guid

If I run it with a -f

I then get extra in the output

[error] Could not find certificate-folder '/root/.acme.sh/DOMAIN1/'
[error] Could not get Let's Encrypt certificate for DOMAIN1:

[error] Could not find certificate-folder '/root/.acme.sh/DOMAIN2/'
[error] Could not get Let's Encrypt certificate for DOMAIN2:

I have found that if I do the following, it gets it to create a certificate:
in MySQL, erase the validtodate in the table with

update domain_ssl_settings set validtodate=null where domainid=DOMAINID limit 1 ;

It seems that the acme.sh script that gets installed in root's home doesn't have the domains, except the ones I've managed to wipe the valid date for in the database. Should it?

As said, I've had it regenerate them for a couple of urgent domains, but left it for others so that I can assist in resolving this.

Is there a step in an upgrade step that I have missed?

Will this renew correctly in July, when next due?

System information

  • Froxlor version: 2.0.19
  • Web server: apache2
  • DNS server: Bind
  • POP/IMAP server: Courier
  • SMTP server: postfix
  • FTP server: proftpd
  • OS/Version: Ubuntu 22.04

To Reproduce
Steps to reproduce the behavior:
Happy to give MySQL data etc. to duplicate, but as this is a production system I can't just wipe froxlor and redo, so not sure how to describe further to allow 'reproducing'.

settings for ssl
key size 4096
not ecc/ecdsa
had reuse certificates on and tried off
validate dns names is off
path to acme.sh: /root/.acme.sh/acme.sh
path to acme snippet: /etc/apache2/conf-enabled/acme.conf
acme environment letsencrypt live
path for letsencrypt challenges: /var/www/html/froxlor

Expected behavior
Let's Encrypt certificates to not expire but renew

@d00p
Member

d00p commented May 9, 2023

Did you try running https://docs.froxlor.org/latest/admin-guide/cli-scripts/#validate-acme-webroot to check if the acme.sh configs are up-to-date with the new path?

@simonatackatbris
Author

Just done that and it reports

 [INFO] No domain configuration file found in '/root/.acme.sh'

several dozen times

and still same issue

If I then again blank the validtodate field, the cron job then runs and requests a certificate.

Then rerunning the validate-acme-webroot lists an entry with "getting info for" and the domain name that I just blanked the field for.

@drexlma
Contributor

drexlma commented Jun 26, 2023

Yes, there is still a bug here.

You may have a domain where the certificate cannot be renewed and then the whole process will stop working after a short time until you have identified the defective domain.

Make a database query for which domain either has an expired certificate or could not generate one.

maybe : #1035
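
A triage check along the lines suggested above, as an added example that is not part of the thread and not froxlor code: it classifies each domain by its validtodate and by whether acme.sh has a folder for it, which is the mismatch the `-f` run reports. It assumes rows of (domain name, validtodate) exported from domain_ssl_settings joined to the domain names, and an acme.sh home such as the /root/.acme.sh from the report; the function names, date format and sample rows are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

DATE_FMT = "%Y-%m-%d %H:%M:%S"  # assumed export format of validtodate

def acme_folder(acme_home, domain):
    """Return the acme.sh folder for a domain, or None if it is missing."""
    # acme.sh stores RSA certificates in <home>/<domain> and ECC ones in
    # <home>/<domain>_ecc, so both names are checked.
    for name in (domain, domain + "_ecc"):
        path = os.path.join(acme_home, name)
        if os.path.isdir(path):
            return path
    return None

def triage(rows, acme_home, now):
    """Classify each (domain, validtodate) row; validtodate may be None."""
    report = {}
    for domain, validto in rows:
        if validto is None:
            # The state the reporter creates by hand with the UPDATE statement.
            report[domain] = "no-validtodate"
            continue
        expired = datetime.strptime(validto, DATE_FMT) <= now
        status = "expired" if expired else "valid"
        if acme_folder(acme_home, domain) is None:
            # Same symptom as "Could not find certificate-folder" in the -f run.
            status += ", no acme.sh folder"
        report[domain] = status
    return report

def demo():
    """Run the triage over constructed rows and a temporary acme.sh home."""
    rows = [  # constructed sample data, not taken from the issue
        ("ok.example", "2023-07-30 10:00:00"),
        ("ecc.example", "2023-07-01 08:30:00"),
        ("expired.example", "2023-04-02 09:15:00"),
        ("blanked.example", None),
    ]
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, "ok.example"))
        os.mkdir(os.path.join(home, "ecc.example_ecc"))
        return triage(rows, home, datetime(2023, 5, 8, 20, 0, 0))

if __name__ == "__main__":
    for domain, status in demo().items():
        print(f"{domain}: {status}")
```

Domains reported as expired or as lacking an acme.sh folder are the ones to look at first when working through the list.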
