Back to Community Threads
1
SSL Certificates - Lets Encrypt - How to Force renewal
Question asked by Curtis Kropar www.HawaiianHope.org - 5/20/2024 at 4:44 PM
Answered
Using SM 8797
Ok, So, we have now several domains that lets encrypt did not auto renew on - including ours. It was supposed to renew on 4/20/24 and here we are on 5/20/24 and the certs expired. Originally, I thought it may be, because we have country blocking set up on our firewall and I have it set pretty aggressive to keep the parasites out. But I just looked at plesk and all of the SSL certs for the same domains auto renewed no problem, so it is not a firewall issues that i can tell.
So with this, Here are several questions : 

1) What is the time line or schedule that SmarterMail will automatically retry to install a Lets Encrypt Cert ? Is it once a day, once every 12 hours, once every 15 minutes, what ?  When should i expect it to retry and potentially work ?
2) Is there a way to click some button someplace and get SM to forcibly retry to create the certificate on demand ? ("do it now") ?  If not, there should be.
3) Is there some log someplace that i can see exactly what is happening with the certificated in SM ?

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

6 Replies

Reply to Thread
0
Zach Sylvester Replied
5/20/2024 at 5:02 PM
Employee Post
Hello Curtis, 

Thank you for getting in touch about this. We have observed this issue occurring when Let's Encrypt imposes rate limits on your IP address. We have a solution for this in the beta version. Could you please open a ticket so that we can investigate this matter further?

Kind regards,
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Thanks. I actually have a ticket about the SSL thing from Back in february when I first set up SM. Looks like it is actually the same issue. I will reopen that one.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Actually it woudl not let me reopen that one. I just created a new one.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
SO, This is still not resolved. SM Support basically told me that SmarterMail is not compatible with Plesk and i need to choose between plesk and SmarterMail. Then they told me to contact plesk as it seems plesk is intercepting the certificate renewals.
So, I am back to the same 3 original questions I posted above.
Can someone please answer them.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Marc Rainville Replied
5/28/2024 at 8:40 AM
Employee Post Marked As Answer
1) What is the time line or schedule that SmarterMail will automatically retry to install a Lets Encrypt Cert ? Is it once a day, once every 12 hours, once every 15 minutes, what ?  When should i expect it to retry and potentially work?
  • Every 6 hours it will retry
2) Is there a way to click some button someplace and get SM to forcibly retry to create the certificate on demand ? ("do it now") ?  If not, there should be.
  • There is a "Resolve Conflicts" action that will force a retry, to avoid rate limiting issues, it will only allow you to force a reorder every 2 hours.
3) Is there some log someplace that i can see exactly what is happening with the certificated in SM ?
  • Certificates log, prefixed by "ACME:" will show the requests to let's encrypt.

There were improvements to the logging and some renewal logic in build 8909 so I recommend upgrading if you have not already.
Marc Rainville Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Thanks. 
I am having plesk guys take a look at this again and see if there is some work around, since they are intercepting,  A number of years ago (7-10 ??) , wasn't plesk one of the like partner agencies with smartertools ? Your products seemed to work flawlessly together back then.

We are also planning to upgrade to a newer build of smarter mail, possibly soon, but i want to make sure it is stable enough and does not just exchange one type of problem for another type of problem.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Integrating Existing SSL Certificates With SmarterMail Automated SSL CertificatesSmarterMail > Server Configuration and Management
SSL Issues for Hosted SmarterTrack DomainsSmarterTrack > Troubleshooting
Troubleshooting SmarterMail Automatic SSL CertificatesSmarterMail > Troubleshooting