Let's Encrypt certificate didn't automatically renew

On a FreePBX 16.0.26 system, I happened to notice today that a Let’s Encrypt certificate would expire in 3 days. A CNAME is pointed at the system and set as an alternative name in the Let’s Encrypt certificate configuration. There was a certificate renewal error in the dashboard, and looking into it, the problem appeared to be with accessing a challenge through the CNAME hostname. I had mistakenly entered the FQDN of the target host for the CNAME record value. For the DNS service in question, I needed to enter only the hostname (e.g. siphost), and the domain is automatically appended. So the incorrect CNAME record value was something like siphost.example.com.example.com. instead of siphost.example.com. After correcting the CNAME record, allowing time for propagation, and even rebooting the FreePBX system a couple times, the certificate was still not renewed automatically. I ended up doing:

fwconsole cert --updateall --force

…and the Let’s Encrypt certificate updated successfully. I would like to have some assurance that future Let’s Encrypt certificate renewal will happen automatically/transparently, or at least a way to check on renewal (attempt) status. Is the renewal (attempt | success/failure) process logged somewhere? I don’t see a Let’s Encrypt specific log in /var/log, or Let’s Encrypt entries in /var/log/messages, etc.

As a side note, I found it curious that successful certificate renewal is flagged as a critical issue…!? :thinking:

My experience on 2 different machines:
Auto renewal worked on V15
Auto renewal didn’t work on V16. I had to look up help on fwconsole certificates to renew as LGaetz mentioned here somewhere.
However, you should receive reminders from Let's Encrypt (if you initially provided them an e-mail address).
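
An added example, not part of the thread and not FreePBX code: a shell check that can run from cron on any host, reporting the days left on the certificate actually being served and flagging a CNAME target that ends in the zone twice, which is the misconfiguration described in the first post. The function names, the script name, port 443, the 14-day default threshold, and the availability of `openssl`, `dig` and GNU `date` are assumptions.

```shell
#!/bin/sh
# Added example: external check of certificate lifetime and CNAME sanity.
# Usage (hypothetical script name): ./le-check.sh pbx.example.com example.com 14

# Succeeds if a CNAME target ends in the zone twice, e.g.
# siphost.example.com.example.com. (an FQDN entered where the DNS
# service appends the zone automatically).
cname_suffix_doubled() {   # $1 = CNAME target, $2 = zone
  t=${1%.}                 # drop the trailing root dot, if present
  case "$t" in
    *".$2.$2") return 0 ;;
  esac
  return 1
}

# Whole days between "now" (epoch seconds) and an openssl notAfter string.
# Assumes GNU date; negative output means the certificate has expired.
days_left() {              # $1 = "Jan 11 00:00:00 2025 GMT", $2 = now
  end=$(date -u -d "$1" +%s) || return 2
  echo $(( (end - $2) / 86400 ))
}

# notAfter of the certificate actually served on host:port.
served_not_after() {       # $1 = host, $2 = port
  echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
    openssl x509 -noout -enddate | cut -d= -f2
}

# Runs only when called with arguments: <host> <zone> [warn_days]
if [ "$#" -ge 2 ]; then
  host=$1; zone=$2; warn=${3:-14}
  target=$(dig +short CNAME "$host")
  if [ -n "$target" ] && cname_suffix_doubled "$target" "$zone"; then
    echo "WARN: CNAME $host -> $target repeats $zone"
  fi
  na=$(served_not_after "$host" 443)
  [ -n "$na" ] || { echo "CRIT: no certificate read from $host:443"; exit 2; }
  left=$(days_left "$na" "$(date +%s)")
  if [ "$left" -lt "$warn" ]; then
    echo "CRIT: $host certificate expires in $left days ($na)"
    exit 2
  fi
  echo "OK: $host certificate valid for $left more days"
fi
```

A non-zero exit from a cron run can drive whatever alerting is already in place; the manual renewal command remains the one given in the first post.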
