letsencrypt auto update

This is where you can find the latest ADM official release. Feel free to discuss any questions regarding it here.

Moderator: Lillian.W@AST

ho66es
Posts: 476
youtube meble na wymiar Warszawa
Joined: Wed Mar 13, 2013 5:38 am

letsencrypt auto update

Post by ho66es »

Hi,

latest adm on my 608t and letsencrypt fails to auto update despite having option selected and the cert expiring at the end of august.

any ideas how to force it? happy to use terminal

cheers
608t
User avatar
Kapitein Haak
Posts: 333
Joined: Tue Oct 15, 2013 2:40 pm
Location: Stranded on the Dutch coast.

Re: letsencrypt auto update

Post by Kapitein Haak »

Hello ho66es,

I found this viewtopic.php?f=27&t=8939&p=28667&hilit=encrypt#p28667 thread which manually updated the certificate (ADM 2.7.x). Maybe it will still work.

Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
ho66es
Posts: 476
Joined: Wed Mar 13, 2013 5:38 am

Re: letsencrypt auto update

Post by ho66es »

sadly that appeared to do nothing :(
608t
User avatar
Kapitein Haak
Posts: 333
Joined: Tue Oct 15, 2013 2:40 pm
Location: Stranded on the Dutch coast.

Re: letsencrypt auto update

Post by Kapitein Haak »

Then it is time to create a ticket with asustor. On my NAS (AS-304) the cronjobs list:
0 0 * * * TAG=CERTIFICATE /usr/builtin/bin/certificate update-cert
30 0 * * * /bin/sh /usr/builtin/sbin/ntpupdate.sh europe.pool.ntp.org
My certificate was updated halfway august (when I was running Beta 5).
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
jauling
Posts: 52
Joined: Wed Feb 01, 2017 1:34 am
Location: Amsterdam

Re: letsencrypt auto update

Post by jauling »

does auto update work in ADM 3.1?

My certificate expired an hour ago, and ADM 3.0.1 did NOT auto update :(
joe
Posts: 62
Joined: Fri Feb 28, 2014 2:59 am

Re: letsencrypt auto update

Post by joe »

I have a related thread here: viewtopic.php?f=23&t=6576&p=30257#p30257

My certificate auto renew recently failed but I believe a renewal may have been attempted and the renewal failure was caused by port 80 being closed to the NAS. That's a complete guess mind you because I'm unable to find any trace of any log anywhere that details why the cert renewal failed or if indeed it was even attempted. It's this that I'm trying to extract out of asustor support right now: "Are there any log files maintained around certificate maintenance time?"
User avatar
Kapitein Haak
Posts: 333
Joined: Tue Oct 15, 2013 2:40 pm
Location: Stranded on the Dutch coast.

Re: letsencrypt auto update

Post by Kapitein Haak »

Hello Joe,

AFAIK let's encrypt will verify your certificate by reading a requested file from your webserver. For some obscure reason (people want a certificate for https, not http), the file is checked on http. So, closing port 80 will stop auto renewal.

Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
joe
Posts: 62
Joined: Fri Feb 28, 2014 2:59 am

Re: letsencrypt auto update

Post by joe »

Hi Kapitein Haak,

Yes I'm aware that port 80 needs to be open for let's encrypt cert renewal to work successfully and that's why closing this port is a solid method to force a renewal failure.

I think you're missing the point that I'm trying to make and not seeing the thing that I'm trying to extract from asustor support at the moment: "in the event of a cert renewal failure, is anything logged anywhere?"
User avatar
Kapitein Haak
Posts: 333
Joined: Tue Oct 15, 2013 2:40 pm
Location: Stranded on the Dutch coast.

Re: letsencrypt auto update

Post by Kapitein Haak »

Ahh, if that is the case, you should log a support call at support.asustor.com. The Asustor employees aren't very active on these forums.

Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
joe
Posts: 62
Joined: Fri Feb 28, 2014 2:59 am

Re: letsencrypt auto update

Post by joe »

yes already done mate and it would appear that they're not too hot when you ask support questions directly either..
Post Reply

Return to “[Official] For AS-60X Series”