Autorenewal with Letsencrypt SSL Lego


We wanted to let you know that we identified an issue in the Let’s Encrypt SSL renewal command that was added to crontab.

We are currently working on documenting the fix for existing installations, but if you want to get it fixed, we recommend you run the Bitnami HTTPS Configuration Tool, which should detect the existing certificate and add the proper entry to Crontab.

In summary, the problem happens because Let’s Encrypt spins up a TCP server running on port 80/443 (--tls challenge) to validate the domain (the validation only happens every 1-2 months), but if Apache is running, that verification won’t work. With the new approach we moved to the --http challenge instead, but with the downside that it requires configuring Apache. The good thing is that the Bitnami HTTPS Configuration Tool does this automatically for you.

Just a quick note to let you know that my certs successfully updated on June 1 as expected. I really did just need to wait until the certificates were close enough to expiration for the auto cron job to pull new ones.

I’ll look into implementing the fix you’ve mentioned later in this thread to keep it working. Thank you!
