Is there a way to force a certificate renewal? #32

Closed
opened 2019-03-13 20:00:28 +00:00 by Ghost · 1 comment

One of my production servers using greenlock is not automatically renewing its certificate, and I would like to "force" it, and/or figure out what is wrong. Is there an API or method I can call to trigger the renewal?

I'd also like to capture the result, to see what the error is, if any. I can't find any logs for greenlock (the log directory is empty), so I don't know if it has attempted renewal and failed, or simply isn't attempting it at all.

Related, if I use your Manual HTTPS method, does the greenlock.register() method actually re-register the certificate each time it is called? I wonder if I should just call that at startup.

Thanks!

One of my production servers using greenlock is not automatically renewing its certificate, and I would like to "force" it, and/or figure out what is wrong. Is there an API or method I can call to trigger the renewal? I'd also like to capture the result, to see what the error is, if any. I can't find any logs for greenlock (the log directory is empty), so I don't know if it has attempted renewal and failed, or simply isn't attempting it at all. Related, if I use your [Manual HTTPS](https://git.coolaj86.com/coolaj86/greenlock.js#manual-https) method, does the `greenlock.register()` method actually re-register the certificate each time it is called? I wonder if I should just call that at startup. Thanks!
Owner

Sorry for the late response.

The best way to force it is to remove the certificate from the file system and restart.

I just did a whole boat load of cleanup, so if you update to v2.7 and switch from using le-store-certbot to le-store-fs ( usage can be seen at https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/wildcard.js ), I'd be interested to know if that alone fixes it.

If you were using le-store-certbot before (the default), it really sucked at multiple-domains on a single certificate due to legacy code...

The new soon-to-be-default store plugin shouldn't have those problems (and should serve as a much better example for building your own).

Sorry for the late response. The best way to force it is to remove the certificate from the file system and restart. I just did a whole boat load of cleanup, so if you update to v2.7 and switch from using `le-store-certbot` to `le-store-fs` ( usage can be seen at https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/wildcard.js ), I'd be interested to know if that alone fixes it. If you were using `le-store-certbot` before (the default), it really sucked at multiple-domains on a single certificate due to legacy code... The new soon-to-be-default store plugin shouldn't have those problems (and should serve as a much better example for building your own).
Sign in to join this conversation.
No Label
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coolaj86/greenlock.js-ARCHIVED#32
No description provided.