Skip to content

Fix LE renewal to schedule by elapsed interval#2752

Merged
jcameron merged 2 commits into
masterfrom
dev/fix-broken-renewals
Jun 6, 2026
Merged

Fix LE renewal to schedule by elapsed interval#2752
jcameron merged 2 commits into
masterfrom
dev/fix-broken-renewals

Conversation

@iliaross
Copy link
Copy Markdown
Collaborator

@iliaross iliaross commented Jun 5, 2026

Howdy, Jamie!

This turned out to be a bug after this comment on the Virtualmin forum.

The Webmin SSL LE renewal setting is labeled as "Months between automatic renewal", but it was previously saved as a calendar-style cron month expression like */N.

That is not the same as an elapsed renewal interval. Webmin’s cron matcher evaluates month schedules against calendar month numbers, so values like */5, */12, or values above 12 do not reliably mean “renew every N months”. This could cause uneven or dangerously late renewal timing.

This changes the renewal job to use Webmin cron’s elapsed interval support instead of calendar-month matching.

  • Saves automatic renewal as renew * 30 * 24 * 60 * 60 seconds.
  • Clears the cron time fields so the scheduler uses the interval path only.
  • Keeps months => '*/N' so the SSL UI can continue to display the saved renewal value.
  • Resets the renewal timer only after a newly issued certificate.
  • Preserves the existing renewal timer for settings-only saves.
  • Migrates existing month-based Let's Encrypt renewal jobs during postinstall.

@iliaross
Fix LE renewal to schedule by elapsed interval
6026a20 
The Webmin SSL LE renewal setting is labeled as "Months between automatic renewal", but it was previously saved as a calendar-style cron month expression like `*/N`.

That is not the same as an elapsed renewal interval. Webmin’s cron matcher evaluates month schedules against calendar month numbers, so values like `*/5`, `*/12`, or values above `12` do not reliably mean “renew every N months”. This could cause uneven or dangerously late renewal timing.

This changes the renewal job to use Webmin cron’s elapsed `interval` support instead of calendar-month matching.

- Saves automatic renewal as `renew * 30 * 24 * 60 * 60` seconds.
- Clears the cron time fields so the scheduler uses the interval path only.
- Keeps `months => '*/N'` so the SSL UI can continue to display the saved renewal value.
- Resets the renewal timer only after a newly issued certificate.
- Preserves the existing renewal timer for settings-only saves.
- Migrates existing month-based Let's Encrypt renewal jobs during postinstall.
jcameron
jcameron reviewed Jun 6, 2026
View reviewed changes
Comment thread webmin/letsencrypt.cgi
@jcameron
Copy link
Copy Markdown
Collaborator

jcameron commented Jun 6, 2026

Mostly looks good, thanks!

@jcameron jcameron merged commit ee50fa4 into master Jun 6, 2026
1 check passed
@jcameron jcameron deleted the dev/fix-broken-renewals branch June 6, 2026 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jcameron jcameron jcameron left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iliaross @jcameron