there is a strange behavior of letsencrypt script. I guess this is no bug, but maybe some config issue:
Using a working installation of ODroid-NAS/NCP V1.13.1/NC 22.214.171.124/valid letsencrypt certificate.
Have to use dual stack (IPv4/IPv6) for other usecases.
In this config the letsencrypt script fails with timeout (maybe IPv6 problem).
So I switch to IPv4 ONLY in my router and do manual certificate renewal with script from web interface.
Then script say “success”, but certificate has still old expiration date.
(Dual stack is then switched on again.)
Looking into the content of “/etc/letsencrypt/live/” shows:
/etc/letsencrypt/live/domain.myfritz.net (contains almost expired certificate)
/etc/letsencrypt/live/domain.myfritz.net-0001 (contains new certificate)
Replacing the old and almost expired certificate with the new ones from “-0001”-folder. After restart, the new certificate is used.
Before the new certificate is outdated, I repeat this procedure, of course.
So next time content of “/etc/letsencrypt/live/” increases again:
(…and so on and on)
Question: Do someone know the root cause or how to fix this?
Hint: This is the log from successful certificate renewal. Is the outdated cerbot the problem?
[ letsencrypt ]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Attempting to parse the version 0.33.1 renewal configuration file found at /etc/letsencrypt/renewal/domain.myfritz.net-0001.conf with version 0.28.0 of Certbot. This might not work.
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.myfritz.net
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2019-09-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
- If you like Certbot, please consider supporting our work by: