LE not renewing automatically in Webmin

ubuntu 16.04

set to renew monthly. however it does not do so automatically. instead, i have to manually re-request the cert after every 3 month validity period. currently a few weeks overdue for automatic renewal.

There’s usually some kind of error message…

the only error messages i ever see are when browsers and mail clients start flipping out over an expired cert.

So after a failure, and you are about to re-request the cert…

You go into Virtualmin->select the virtual server you want->Server Configuration->Manage SSL Certificate->Let’s Encrypt

At the bottom of the page, you don’t see any error message, and/or you don’t receive any email telling you your renewal failed?

No renewal issues with virtualmin servers. My issue is in the webmin module. no error messages on webmin > webmin > webmin configuration > ssl encryption > le page.

Pretty much the same form. You should still have received an email with the error.

In any case, we can’t help unless you show us the error message.

Go into Webmin->Webmin Actions Log. You should be able to leave most everything as default, except choose the time period of interest (ie, between Jul and Oct or something). Click Search.

You should find some entries like “letsencrypt domain example.com”. Click on them. Open the “Raw log data” section and scroll to see the error. You can paste it here, but please use the code tags (see the “More info about text formats” below the reply box) so it formats into a readable thing.

When nothing showed up during the specified renewal period, i expanded the time frame out from the day the last cert was issued to today. Except for successful virtualmin cert renewals, nothing until i got as far back as Aug 31, the day the previous cert was issued.
Requested new SSL certificate from Let’s Encrypt,“Webmin Configuration”,“user”,“x.x.x.x”,“31/Aug/2017 07:51”

Seems webmin isn’t even trying to renew?

the sudden influx of support calls this morning reminded me that this issue still isnt resolved. another certificate manually requested. good for another 3 months. still nothing, other than this morning’s manual request, in the webmin action log.





Sorry for the lack of reply. I don’t know why this is happening for you; LE renewals work on all of my systems.

Have you disabled the Virtualmin scheduled job? That’s the only reason I can think of that it wouldn’t run on schedule…Let’s Encrypt renewals are part of that scheduled job.

im sorry, how would i check? webmin - system - scheduled cron jobs?

Virtualmin Configuration->Status Collection

There are several options in that section, but what I’d recommend is that if it is not currently disabled, turn it off and then back on again. Maybe that’ll regenerate the scheduled job (which does end up in the Webmin scheduled jobs list, but there’s no user-friendly way to create it aside from getting Virtualmin to do it for you).

If status collection is too heavy for your system (and it can be heavy on systems that have low memory), just reduce the frequency by a lot…like run it every hour or four or whatever. But, you really do want it running at least once a day because it does so many important house-keeping tasks.

“Interval between status collection job runs” changed from 5 mins to never, saved, rechecked config, setting changed back to 5 mins, saved, rechecked config. it should attempt to renew the cert next week. we’ll see…


If the problem persists, do follow up. I’ll have to talk to Jamie about what else to look at, if it does continue to fail, as I’m out of ideas. It’s not something that has a lot of knobs to twiddle, so there’s not really much that should be able to go wrong, but I’ve seen people report it at least a couple of times.

it did not renew. :frowning:

Does anything about it appear in the /var/webmin/webmin.log or in any of the other logs in that directory? Do other scheduled tasks happen? e.g. does the dashboard tell you when you have software updates available (without having to manually refresh it)?

Also important to know.

1 Domain or more / all domains on that server.?
For those domain(S) SUBSERVER / ALIAS / SUBDOMAIN eXISTS in the domainlist GUI LE cert?

Apache or NGINX.

If apache url rewrites / forwarding htaccess somewhere…

If manually renew no errors at all in error logs?

Somehow cleanup LE older not used certs, don’t know