Force renew certificate #42
Comments
Do you need more information about this issue? Thanks in advance
Sorry for the delay. The process you outlined seems like it should work, so I'm not sure why you're still getting the old certificates. I haven't had a chance to try and reproduce this, but as a first step, you might try enabling nginx debug logging (
I finally took some time to try this again with the debug log. There's nothing out of the ordinary in the dehydrated log. The cert files are actually different, but the cert's validity contains the same dates, so I thought they were the same. It looks like Let's Encrypt is returning a new cert with the existing validity dates (when the cert doesn't need to be renewed). I'm closing this one, thanks
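The comparison described in the comment above, as an added example that is not part of the thread or of lua-resty-auto-ssl: it decides whether a renewal produced a new certificate by SHA-256 fingerprint and shows serial and validity dates for reference. It assumes a copy of the old `cert.pem` was saved before deletion; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code). Validity dates can be identical on two
# distinct certificates, so the decision is made on the SHA-256 fingerprint
# of the whole certificate; serial and dates are printed for context only.

# cert_field <pem> <openssl x509 display flags...>  -> value after "="
cert_field() {
    pem=$1; shift
    openssl x509 -in "$pem" -noout "$@" 2>/dev/null | cut -d= -f2-
}

# cert_reissued <old.pem> <new.pem>
# stdout: "reissued" or "unchanged"; details go to stderr.
# returns 0 = different certificate, 1 = same certificate, 2 = parse error
cert_reissued() {
    old_fp=$(cert_field "$1" -fingerprint -sha256)
    new_fp=$(cert_field "$2" -fingerprint -sha256)
    if [ -z "$old_fp" ] || [ -z "$new_fp" ]; then
        echo "error: could not parse certificate" >&2
        return 2
    fi
    for f in "$1" "$2"; do
        printf '%s\n  serial=%s\n  notBefore=%s\n  notAfter=%s\n' "$f" \
            "$(cert_field "$f" -serial)" \
            "$(cert_field "$f" -startdate)" \
            "$(cert_field "$f" -enddate)" >&2
    done
    if [ "$old_fp" = "$new_fp" ]; then
        echo unchanged
        return 1
    fi
    echo reissued
}

# Stand-alone use: ./cert_reissued.sh /path/to/saved-cert.pem /path/to/cert.pem
if [ "$#" -eq 2 ]; then
    cert_reissued "$1" "$2"
fi
```

Point it at `cert.pem` rather than `fullchain.pem` if you want the leaf only; `openssl x509` reads just the first certificate in a file either way.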
Sorry to post on a closed topic, but if I am not using Redis, would simply deleting the
You would need to also delete the domain's files in /etc/resty-auto-ssl/storage, then restart your server to purge the cert from its cache.
I've had times where even after restarting the server, the expired cached cert would be served. How can I delete cached certs manually?
I've been working on a feature for our hosting setup that generates Let's Encrypt certificates using lua-resty-auto-ssl to force the renewal of a certificate (this would be useful in case of a security issue with Let's Encrypt, for example having to do with OpenSSL and forcing to renew all certs).
Here's what I have done so far:
domain..":latest")
"domain:fullchain_der:"..domain, "domain:privkey_der:"..domain from the nginx cache
cert.csr, cert.pem, chain.pem, fullchain.pem and privkey.pem from /etc/resty-auto-ssl/letsencrypt/certs/$domain
On the next request to the domain I do get new symlinks in
/etc/resty-auto-ssl/letsencrypt/certs/$domain
and the private key changes, but the cert remains the same. It looks like Let's Encrypt is returning the same cert somehow, or did I miss something? Is there a feature in lua-resty-auto-ssl that's calling dehydrated to force renewal that I missed, or is this something that would need to be implemented?
Thanks!