How to set let's encypt certificates to renew prior to expiry

OS type and version Debian
Virtualmin version Latest

As per the title I would like to know whether its possible and hence how to set the default renew date to be prior to a lets encrypt certificates expiry date in virtualmin. I know you can set the certificate to auto renew however I believe it does so once the certificate expires, not before (correct me if I am wrong). It hence messes up cloudflare which I use as a proxy and all renews fail until I do so manually and turn of cloudflare. It would be nice to have lets encrypt certificates renew prior to their expiry date. Any help would be much appreciated. Thank you

Kind regards Sam

1 Like


It defaults to renewing before the expiry. If it is not happening, something is wrong, unless you changed it from the default.

Thank you very much, I must have overlooked this menu. Where can I find it?

Kind regards Sam

It works when there is an already active certificate on the server and hence you can connect to the website via https however when the certificate expires cloudflare drops all connections and hence it can’t automatically renew the certificate. However, my guess is that the setting mentioned by @stefan1959 has been set to something different. I will check and keep you posted.

Thanks for your help. Kind regards Sam

Ah, you’re using Cloudflare.

I believe you need Cloudflare to manage your certs because they are the endpoint, rather than your Virtualmin system.

This post was flagged by the community and is temporarily hidden.

I use Cloudflare too. You can get a certificate between the browser and Cloudflare and the browser free from Cloudflare (though it is shared) and then keep it on flexible. The other option is to get a certificate from Cloudflare to put on your server or use LetsEncrypt after you set the shared certificate on Cloudflare. Once I had that sorted I was able to set Cloudflare to Full (not strict).

I know I have quoted Joe in this I thought it best to keep the thread as a follow on from what Joe said. I hope this is ok.

Hope this helps. I have quoted @SamuelM below as for some reason it won’t let me add it above. Sorry for the messy message.

Hi all, thank you all for your help @Joe @grant-1972 @stefan1959 . I don’t believe its an issue with cloudflare, its more than likely an issue with my virtualmin config however that being said cloudflare has also been giving me headaches regarding email as well. Nontheless I will investigate. Thank you all.

Kind regards Sam

@Joe @grant-1972 @stefan1959

Alright so after doing a bit of investigating it turns out everything is set correctly so I dont understand why lets encrypt is failing to renew certificates the stated 21 days before expiry, if I manually now press request certificate it all works fine even with Cloudflare Full Strict enabled! I have set a reminder in my calendar to monitor it on the day it goes to renew the certificate (21 days before expiry) and see what happens. Once again thank you all for your help.

Kind regards Sam

Look at your site, use the browser and check who issues the certificate and see if it Let Encrypt. I have one site using cloudflare and its using a different issuer, I think cloudflare handles the free ssl.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.