I’ve gotten several reminder emails from the “Let’s Encrypt Expiry Bot” over the last couple of weeks, warning me that my certificate would soon expire.
Your certificate (or certificates) for the names listed below will expire in
1 days (on 16 Apr 18 17:36 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.
I assumed the Ghost installation must usually run a script to renew the certificate for us, since this is the first time I’ve gotten a warning email like this, so I checked crontab with
sudo crontab -l and I see a job:
45 0 * * * "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null
When I don’t use
sudo before the previous command, I see a different (I assume user-level) cron job:
31 0 * * * "/home/grant/.acme.sh"/acme.sh --cron --home "/home/grant/.acme.sh" > /dev/null
Then I checked
/var/log/syslog and I see multiple entries indicating
cron.daily etc. jobs are running…
Apr 15 07:17:01 ghost-blog CRON: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Beyond this, I’m not sure how to verify the “letsencrypt” job is running successfully. When I load my site (https://grantwinney.com) in the browser and check the certificate, it indicates the expiration date has already been extended:
Issued To: Common Name: grantwinney.com
Issued By: Common Name: Let’s Encrypt Authority X3
Period of Validity
Begins On: March 24, 2018
Expires On: June 22, 2018
Anybody seen this before? It sure looks like the renewal already took place, yet Let’s Encrypt keeps warning me that it hasn’t.