[Act] Fwd: SSL certificate expiry notification for act.perl-workshop.ch (will be expiring after 3 days)

Sébastien Aperghis-Tramoni sebastien at aperghis.net
Mon Aug 5 18:22:01 CEST 2019


Stefan Hornburg (Racke) wrote:

> On 8/5/19 12:02 AM, L Boivin wrote:
> > Hi Lee,
> > 
> > Renewal of the certificates is automated.
> > It should be OK.
> > 
> > Cheers
> > Laurent
> 
> Hello Laurent,
> 
> actually Let's Encrypt certificates are renewed about 30 days before
> expiration. So this could mean that
> the renewal didn't work for some reason or the webserver wasn't
> reloaded/restarted after then renewal.
> 
> I would suggest to check this out ASAP.

There was indeed a problem: because of the way the SSL termination is
done here, the validation method used is stateless
→ https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode

I assumed that the account thumbprint was not supposed to expire, but
it seems that it does expire. Fetching the new thumbprint, updating
the configuration and running the LE client again, and the certificate
is renewed.


Thanks for the warning.

-- 
Sébastien Aperghis-Tramoni

Close the world, txEn eht nepO.


More information about the Act mailing list