Let's encrypt autorenewal not working?


I use VirtualMin with great pleasure.

I like how easy I can install and maintain my SSL certificates now using let’s encrypt. However, I had set let’s encrypt to autorenew every 2 months on all my sites. Today I woke up to non-working sites. I checked the certificates and it said ‘Last renewal date: 3.03 months ago’.

So, I requested the certificates again and everything is working now.

How can I actually autorenew the certificates in the future? I would like to renew it every 2 months, but clearly that is not working. Am I missing something, a cronjob I need to configure maybe?

Thanks a lot in advance!

Do you have the current version of Webmin (1.851) and Virtualmin virtual-server module (5.99 or 6.0)? There have been some issues where LE folks changed the way things worked causing our client to fail in some cases. But, I think it’s all been fixed.

I believe these jobs use the Webmin cron, rather than system cron, but I might be wrong. I’ve never needed to babysit it, though. It should Just Work™.

Hi, I upgraded everything less then 1 month ago, but I will check again and upgrade everything to see if it resolves the issues. Thanks for your help!

Hey Guys,

This is still nog working. Someone PLEASE HELP! This is really annoying, I have to manually renew all the time.

I have upgraded everything to the latest version since I last posted my issue here. I have auto renew set to 2 months. Still nothing renews after 2 months.

What can I do?


Operating system Ubuntu Linux 14.04.1
Webmin version 1.852
Usermin version 1.720
Virtualmin version 6.00
Theme version Authentic Theme 18.49-9
Time on system Saturday, September 23, 2017 1:53 PM
Kernel and CPU Linux 3.13.0-32-generic on x86_64

Any help will be very much appreciated!

I don’t know. I’m not able to reproduce this…my certs are auto-renewing on all of my servers.

Have you turned off status collection in Virtualmin? Let’s Encrypt happens as part of that scheduled job, so it has to be enabled. If it’s too resource intensive to have it running all the time, you can make it very rarely (like once every 4 hours or something).

Hi Joe,
Thanks for your help. Where can I see if status collection is enabled?

Virtualmin -> System Settings -> Virtualmin Configuration, about 3/4 of the way down the page.

It is set to run every 5 minutes… How can I verify if it actually is running? Is there a way to manually fire the virtualmin autorenew job from console? That way I could create a custom cronjob for the autorenewal.

There must be some kind of fix or work around for this I hope :confused:

Thanks for your help!

We can’t fix it until we know why it isn’t working. You’re the first person to report it (that I know of).

You can check Webmin->Webmin->Webmin Configuration->Webmin Scheduled Functions to see if there’s a “System Status” job (“scheduled_collect_system_info” is the actual function being called).

You could try turning the scheduled job off and back on, though if you see that job and it is scheduled to run every 300 seconds in the Webmin module, it seems likely not to change anything…but, I guess it’s worth a shot.

You can try restarting Webmin (as these scheduled jobs run as part of the Webmin daemon).

You can check the Webmin logs for clues. Those are in /var/webmin/miniserv.error (the error log) and /var/webmin/webmin.log (the actions log). You may be able to increase logging around this topic, I’m not sure what logging hooks we have in there.

This particular function is a Webmin function, it is not a cron job and there is no command you can run to trigger it, so running it outside of Webmin isn’t possible (well, we can write a script to run it manually if it comes to that, but that may not actually tell us anything useful…the

‘You can check Webmin->Webmin->Webmin Configuration->Webmin Scheduled Functions to see if there’s a “System Status” job (“scheduled_collect_system_info” is the actual function being called).’

That’s interesting. I don’t have that job. I don’t see a way to add another job to the list.

My install is Debian 9 from the beta 6 installer a couple of months ago. I have all updates other than the recent virtualmin-lamp-stack and awstats packages.

That is surprising.

But, disabling and re-enabling the status collection in Virtualmin will likely create it. Do you see other jobs in the list? There should be several.

If that doesn’t solve it, I’ll ask Jamie how we can force its re-creation (but, I think it’ll solve it).

Hi, thanks for your help.

So I checked everything. In opposition to @noisemarine, I do have the scheduled function listed under Webmin > Webmin configuration. I have now changed the interval to 600 seconds instead of 300 and re-saved the scheduled job. It seems to make no difference since it has been 10 minutes and the let’s encrypt certificates are still not renewed.

I also checked the suggested log files. The error log shows mainly 2 errors (repeatetly):

  • [IP.AD.DR.ES] Document follows: This web server is running in SSL mode. Try the URL …
  • No passwd entry for user ‘MainUserName’

Can this password entry error explain the problem? I now remember that I have disabled (a while ago) any rights for my main server user (for security). So the user Shell under Webmin > User and Groups is set to /bin/false. Should I change that to /bin/sh?

Also, the error says 'No password entry for user ‘UserX’. However, UserX is non-existent. Is the scheduled webmin job for status collection trying to run as UserX, while that user does not exist anymore?

Lastly, I have disabled the usermin service, that can’t be the cause right?

One more thing: if I go to my virtual server details it says ‘Administration username’ = ‘UserX’. However, UserX does not exist. I changed that a long time ago to another username. Why is it still saying username is UserX, and how can I change /fix that?

Update: if I go into Virtualmin > List virtual servers I can see that my main server has the correct Username. All the subservers have an old Username, which does not exist anymore. Can this be the cause? How can I update the sub-servers to use the main-server Username?

Check if site is only HTTPS? Change t to allow HTTP and test. Might even be a redirect of all to HTTPS.
However if manual renew working this not the isue.

I have many other jobs there. I tried disabling and re-enabling status collection but I didn’t get the ‘scheduled_collect_system_info’ job.

In any case, I checked my oldest website and the LE cert updated a couple of weeks ago. However it’s actually being called, renewal seems to be working. I was mainly curious that if I didn’t have that job, would my LE certs fail, also.

I’m pretty sure it is related to the wrong user being used for the subservers. The miniserv log is full with the error ‘No passwd entry for user UserX’. If I tail the log the error shows up every X minutes, so it defenitely is some kind of interval, maybe the status update interval which should do the let’s encrypte auto-renew.

How can I change the user that is being used for this status update scheduled job? Or how can I change the administration user for my virtual sub-servers?

Great news! I resolved the issue! As I expected myself it was because of the user that executed the scheduled job did not exist. What I did now is, I recreated the missing user. After that, the auto renew worked.

However, I’d rather not have to use this user. So my question comes down again to: how can I change the administration user used for SUB-servers. Or how can I change the user that executes the scheduled jobs?

Please help!

That’s bug-like. If it’s reproducible we should open a ticket so Jamie can take a look at it.

In my situation, I have done this:

  • I had a VPS where the virtualmin main user was named ‘UserServer1’
  • I have copied the entire VPS. Then I logged into the new VPS and I renamed UserServer1 to UserServer2.
  • Now my in Virtualmin on my new VPS, the main website says ‘Administrator user is UserServer2’. However, all the sub-servers say ‘Administrator user is UserServer1’.
  • The scheduled jobs seem to execute as UserServer1 while it should execute as UserServer2.

The easy fix will be for me to rename UserServer2 back to UserServer1, since that’s the user associated to the subservers and used for the scheduled status collection job. However, I would rather have names that make sense to me and stick to UserServer2 as username.

I don’t know if you can reproduce this, the clone was made on a way older version of Virtualmin, so not sure if it still exist. However, I would rather know how I can change the username in a way it also changes the username for all my subservers.

I guess an easy reproduce is to create a virtual server, then create a couple sub-servers. After that, change username of main server. Sub servers will still use the old username, while they should use the new main server username instead. But I am not sure this issue is related to the wrong user executing the scheduled status collection job.

Two straight forward questions:

  1. Is it possible to manually overwrite the subserver administration user somehow?
  2. Is it possible to manually change the user that is being used to execute the webmin scheduled functions?

Hopefully someone can answer these questions?