Does Lets Encrypt or Virtualmin send a reminder notice in advance of SSL expiration?

9 posts / 0 new
Last post
#1 Sat, 01/21/2017 - 05:32
amityweb

Does Lets Encrypt or Virtualmin send a reminder notice in advance of SSL expiration?

I usually use Namecheap who kindly remind me several times by email of an impending SSL expiration so I can make sure to renew it before hand.

Does Lets Encrypt or Virtualmin send a reminder notice in advance of SSL expiration too?

Thanks

Sat, 01/21/2017 - 23:32
cyrus

Yes, Letsencrypt does

Thu, 01/26/2017 - 14:51
vstoykov

Why sending a reminder? Why it is not updated automatically instead?

Sat, 02/18/2017 - 01:47
amityweb

Sorry for late reply, didnt get notification from the forum....

@vstoykov I am now adding 12 in the box and selecting automatically, so I do hope that just means it happens automatically and I dont do anything from now on, but initially for some domains I did not check this box, so it was set to manual renew and I wanted to know how I will know when to renew it.

@cyrus but I didnt enter any contact info, so how would Lets Encrypt remind me, to what email address?

Thanks

Sat, 02/18/2017 - 01:57
amityweb

I am also concerned about the lack of documentation about this... I assumed the value I entered here meant when it will expire, like with other certificate providers you choose 12 months or more, so I thought 12 would mean thats when it expires. But just checking, a new cert I added expires only in 3 months from now! Are they all like that? So what should I enter in the auto renewal months, 3 months?

Its quite vague and open for mistakes this process. Cant it just renew itself without me specifying the time?

Sun, 02/19/2017 - 04:45
AustinTX

Seriously, I don't get any advance notification. And your Let's Encrypt certs expire after 4 months, last I heard. You need to renew them that often. If you selected 12 months (which Virtualmin lets you do for no good reason) then your SSL site will fail 4(?) months later. I select 3 months. If you have auto-renew enabled, the admin of the given virtual server will get an email - if the renewal was successful. These pitfalls ought to be explained on the LE tab, and auto-renewal should be already configured and enabled by default.

Wed, 02/22/2017 - 13:43
scotwnw

Admins should be setting up a check separately from letsencrypt if its important a cert doesn’t expire. This applies to all certs, not just letsencrypt. I for one have never gotten reminders of expiring certs from letsencrypt, then again, I never expected my hand to be held when its free. Read the letsencrypt docs. Setup a check in webmin for any cert by going to... Webmin -- others -- system and server status. Add monitor of type - SSL cert. I also setup a DNS check as well to be sure the domain hasnt been hijacked.

OH and letsencrypt certs are valid for 90 days. That box in webmin is asking how often you want to renew the cert, not how long you want the cert last. if you put anything over 3 months, it will expire. https://letsencrypt.org/docs/faq/. I use 2 months on all mine.

Thu, 02/23/2017 - 10:15
amityweb
Admins should be setting up a check separately from letsencrypt if its important a cert doesn’t expire.

Google is now recommending all sites are secured, and will show a warning in Chrome for most sites that dont have it (mainly ones with forms I think).

So based on this I would like to reach a position where ALL my hosted webites are secure, and we're talking hundreds.

So it is completely unreasonable to have a manual check on all websites for expiry, and will be completely open to error.

It is therefore vital to have an automated renewal that works without any checks, or to have reminders. In fact auto renewals is necessary for such a large number of sites.

I have now changed to auto renewal and have to just cross my fingers it works. It would be great to have some command line script to show all of them with expire dates.

Thanks

Sat, 03/04/2017 - 08:10
unborn
unborn's picture

it does. I get emails from virtualmin/webmin that cert failed or was updated or when it will expire..

Configuring/troubleshooting Debian servers is always great fun

Topic locked