1
SSL Certificates - Lets Encrypt - How to Force renewal
Question asked by Curtis Kropar www.HawaiianHope.org - 5/20/2024 at 4:44 PM
Answered
Using SM 8797
Ok, So, we have now several domains that lets encrypt did not auto renew on - including ours. It was supposed to renew on 4/20/24 and here we are on 5/20/24 and the certs expired. Originally, I thought it may be, because we have country blocking set up on our firewall and I have it set pretty aggressive to keep the parasites out. But I just looked at plesk and all of the SSL certs for the same domains auto renewed no problem, so it is not a firewall issues that i can tell.
So with this, Here are several questions : 

1) What is the time line or schedule that SmarterMail will automatically retry to install a Lets Encrypt Cert ? Is it once a day, once every 12 hours, once every 15 minutes, what ?  When should i expect it to retry and potentially work ?
2) Is there a way to click some button someplace and get SM to forcibly retry to create the certificate on demand ? ("do it now") ?  If not, there should be.
3) Is there some log someplace that i can see exactly what is happening with the certificated in SM ?



www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

6 Replies

Reply to Thread
0
Zach Sylvester Replied
Employee Post
Hello Curtis, 

Thank you for getting in touch about this. We have observed this issue occurring when Let's Encrypt imposes rate limits on your IP address. We have a solution for this in the beta version. Could you please open a ticket so that we can investigate this matter further?

Kind regards,
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
0
Thanks. I actually have a ticket about the SSL thing from Back in february when I first set up SM. Looks like it is actually the same issue. I will reopen that one.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Actually it woudl not let me reopen that one. I just created a new one.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
SO, This is still not resolved. SM Support basically told me that SmarterMail is not compatible with Plesk and i need to choose between plesk and SmarterMail. Then they told me to contact plesk as it seems plesk is intercepting the certificate renewals.
So, I am back to the same 3 original questions I posted above.
Can someone please answer them.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Marc Rainville Replied
Employee Post Marked As Answer
1) What is the time line or schedule that SmarterMail will automatically retry to install a Lets Encrypt Cert ? Is it once a day, once every 12 hours, once every 15 minutes, what ?  When should i expect it to retry and potentially work?
  • Every 6 hours it will retry
2) Is there a way to click some button someplace and get SM to forcibly retry to create the certificate on demand ? ("do it now") ?  If not, there should be.
  • There is a "Resolve Conflicts" action that will force a retry, to avoid rate limiting issues, it will only allow you to force a reorder every 2 hours.
3) Is there some log someplace that i can see exactly what is happening with the certificated in SM ?
  • Certificates log, prefixed by "ACME:" will show the requests to let's encrypt.

There were improvements to the logging and some renewal logic in build 8909 so I recommend upgrading if you have not already.
Marc Rainville Software Developer SmarterTools Inc. www.smartertools.com
0
Thanks. 
I am having plesk guys take a look at this again and see if there is some work around, since they are intercepting,  A number of years ago (7-10 ??) , wasn't plesk one of the like partner agencies with smartertools ? Your products seemed to work flawlessly together back then.

We are also planning to upgrade to a newer build of smarter mail, possibly soon, but i want to make sure it is stable enough and does not just exchange one type of problem for another type of problem.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

Reply to Thread