Question on /etc/letsencrypt/renewal settings and auto-renew not working

|OS type and version|Ubuntu 20.04.4|
|Webmin version|1.984|
|Virtualmin version|6.17-3|
|Related packages|Certbot|

Like a lot of people I’ve had issues trying to get the auto-renew of certificates “restarted” after it stopped working about 9 months ago. I’ve plowed through all the “help” I can find in the forums and cannot discover what’s wrong.

Today, through chance, I found the /etc/letsencrypt/renewal directory that has all the websites listed in it.

But one of the settings seem a tad strange.

The first setting is commented out : # renew_before_expiry = 30 days

I don’t want to mess things up, but could this be why the auto-renew is not working?

All the “” files have a time stamp of today, which is when I renewed all the certs manually. I did trigger for every site the auto-update to “off”, then “on”.

Stay Safe Out There …



Don’t mess directly with Let’s Encrypt settings unless you plan on crippling Virtualmin’s ability to manage renewals as they have a script that does this.

The first thing I check when a renewal doesn’t happen is whether the domain itself is setup to auto renew the cert. I’ve found sometimes you need to re-enable the feature from the SSL section.

Second thing I check is, are there any domains that have expired or otherwise don’t point to your server anymore. When a domain that has SSL enabled isn’t properly pointing, it’ll cause the cert renewal attempts to exceed LE limits which causes other domains to stop renewing.


Thanks for the fast response. This morning I renewed all certs manually, on each website I reset the setting for auto-renew from “On” to “Off” to “On” again. But I tried this previously to no avail.

No expired or outdated web-sites, all active and fully working.

It’s a shame, because it all worked perfectly for a couple of years (since Virtualmin introduced the function). Fortunately I only have a few sites, so it’s easy to set my calendar for 2 months 1 day, and get a new cert for all the sites, about 20 minutes work, so no big deal. (It’s just driving me crazy I cannot find whats causing this to happen!)

Stay Safe … Nigel.


You gave me a clue. I relooked at the SSL section in Virtualmin Configuration. I spotted that the setting for Auto-Renewal was 21 days, you can now hear me asking myself, when did that change from 30 days, which used to be the default. Because I’ve been checking that it works with 26 or 27 days before renewal. :face_with_raised_eyebrow:

So I’ve set it manually for 30 days, and with fingers crossed hoping it will work!


I wrote a script some time ago which in conjunction with the API and standard SSL libraries does a semi automated check of each domain and renews if expiry is within a certain amount of days.

I run it periodically via cron just in case Virtualmin’s task doesn’t completely work.


That’s a good idea.


If you’d like a copy of the script I can send it over. Just drop me a line. It’s simple and makes use of VM API so doesn’t break integration with it.

Only thing that was basically added was a way to check expiry date, a feature that might even be possible through VM API now.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.