Not sure if my Let's Encrypt certificate has been renewed, or if it's about to expire

I’ve gotten several reminder emails from the “Let’s Encrypt Expiry Bot” over the last couple of weeks, warning me that my certificate would soon expire.

Your certificate (or certificates) for the names listed below will expire in
1 days (on 16 Apr 18 17:36 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

grantwinney.com
www.grantwinney.com

I assumed the Ghost installation must usually run a script to renew the certificate for us, since this is the first time I’ve gotten a warning email like this, so I checked crontab with sudo crontab -l and I see a job:

45 0 * * * "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null

When I don’t use sudo before the previous command, I see a different (I assume user-level) cron job:

31 0 * * * "/home/grant/.acme.sh"/acme.sh --cron --home "/home/grant/.acme.sh" > /dev/null

Then I checked /var/log/syslog and I see multiple entries indicating cron.hourly and cron.daily etc. jobs are running…

Apr 15 07:17:01 ghost-blog CRON[14455]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)

Beyond this, I’m not sure how to verify the “letsencrypt” job is running successfully. When I load my site (https://grantwinney.com) in the browser and check the certificate, it indicates the expiration date has already been extended:

Issued To: Common Name: grantwinney.com
Issued By: Common Name: Let’s Encrypt Authority X3
Period of Validity
Begins On: March 24, 2018
Expires On: June 22, 2018

Anybody seen this before? It sure looks like the renewal already took place, yet Let’s Encrypt keeps warning me that it hasn’t.

This is for sure related to Cron SSL not working · Issue #554 · TryGhost/Ghost-CLI · GitHub.
In a previous CLI version the cronjob was executed without sudo in a different location. The cleanup to the new folder didn’t happen correctly.

Everything looks correct from your output.

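An added example, not part of the original thread or of Ghost-CLI: a shell check that compares the certificate the site actually serves with the expiry date quoted in the reminder email, and lists what each acme.sh home from the two cron entries manages. It assumes GNU date and the openssl CLI; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU date and the openssl CLI are installed.
# All function names here are hypothetical helpers.

# Print the "notAfter=..." line of the certificate served for host $1.
served_not_after() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate
}

# Whole days between a reference time and an openssl notAfter value.
# $1: e.g. "notAfter=Jun 22 17:36:00 2018 GMT" (the prefix is optional)
# $2: reference time in any format GNU date accepts (default: now)
days_left() {
  end_s=$(date -u -d "${1#notAfter=}" +%s) || return 2
  ref_s=$(date -u -d "${2:-now}" +%s) || return 2
  echo $(( (end_s - ref_s) / 86400 ))
}

# The reminder is about the certificate that expires on the date it quotes.
# If the served certificate expires later, a newer one is already in place.
# $1: served notAfter value, $2: expiry date quoted in the reminder
reminder_status() {
  served_s=$(date -u -d "${1#notAfter=}" +%s) || return 2
  mail_s=$(date -u -d "$2" +%s) || return 2
  if [ "$served_s" -gt "$mail_s" ]; then
    echo "stale-reminder"
  else
    echo "renewal-pending"
  fi
}

# Show which certificates an acme.sh home manages and when each is due to
# renew. Call once per home from the cron entries, e.g.
#   sudo sh -c '. ./check.sh; acme_list /etc/letsencrypt'
#   acme_list /home/grant/.acme.sh
acme_list() {
  "$1"/acme.sh --list --home "$1"
}

# Direct use: ./check.sh grantwinney.com "2018-04-16 17:36 UTC"
if [ "$#" -eq 2 ]; then
  na=$(served_not_after "$1")
  echo "$na ($(days_left "$na") days left): $(reminder_status "$na" "$2")"
fi
```

A "stale-reminder" result matches the situation in the question: the browser shows a later expiry than the one the email warns about.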

Thanks Kate. So no action should be needed?

I’m trying to understand all the details in that linked issue. Is the Ghost Doctor utility something I can run manually to check for problems, or is that what runs during a ghost update when I see a series of checks being done and then green checkmarks show up next to each item?

✔ Checking system Node.js version
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability
✔ Checking for available migrations
☱ Checking for latest Ghost version

You can run ghost doctor manually, but it also runs during important steps, like install, update, and start.

Just FYI, cron doctor check has not been written yet 😉
