This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cert not updated using René Klomp's LetsEncrypt script

I've been successfully using René Klomp's scheme for using LetEncrypt certs with UTM9's reverse-proxy setup for over a year until this weekend. It seems the cron job properly detected the soon-to-expire cert, renewed it, and used René's update-cert script to install it into the UTM's certificates but not completely. The reverse proxy is still using the old expired cert.

I manually ran the getssl script last night to see if that would fix it but no luck. When I pull up Webserver Protection > Certificate Management > Certificates and find the entry in question, it shows "Valid from Sep 10 01:11:17 2018 GMT through Dec 9 01:11:17 2018 GMT" as expected but when I download the cert in PEM format and look inside, it's the expired cert with "Not After : Sep 9 16:55:15 2018 GMT" in it. 

I SSH'd into the machine and found /var/storage/chroot-reverseproxy/usr/apache/conf/ssl still contains the old cert so I don't think this is a caching issue on the client or in some intermediate proxy. 

Anybody have a suggestion where to look further?



This thread was automatically locked due to age.
  • Disregard.  Was onsite this afternoon.  Applied pending updates (had 430 days uptime o.O), rebooted it, then reran getssl and it's working again now. Not a fan of the "Microsoft solution" (just reboot it) but was at a loss how to proceed so I ran with it.