[Feature] - Implement Auto renewal #27

Closed
webprofusion-chrisc opened this issue Oct 19, 2016 · 15 comments

Comments

@webprofusion-chrisc
Contributor

webprofusion-chrisc commented Oct 19, 2016

Certify requires either a Windows service or a command line option to check for expiry and invoke auto renewal of managed sites. Currently a Certify Windows service seems like the most permanent option.

This would only apply to sites configured within Certify and would need to allow for multiple domains on a single cert (SAN).

@webprofusion-chrisc
Contributor Author

Also, if a website no longer exists in IIS we shouldn't try and renew it and should instead flag it in the UI.

@Barokai

Barokai commented Jan 24, 2017

@webprofusion-chrisc
Contributor Author

@Barokai thanks, both projects actually use ACMESharp libraries to talk to Let's Encrypt - Certify uses the PowerShell modules and le-win-simple uses the library directly; le-win-simple is indeed a very good choice for anyone happy to work at the command line.

@ndouthit
Contributor

Is the idea that this would be a separate Windows Service application that will periodically check for expiration?

@webprofusion-chrisc
Contributor Author

Yes, the branch gui-revisions is a start on splitting out the relevant code; it also starts to add a command line. I'm undecided as yet as to whether this should just be a command line that gets called as a scheduled task or use a full Windows service.

@ndouthit
Contributor

If you only need to check certs for renewal once a day (or less frequently), then I'd say a scheduled task is the way to go. If you need to handle events at any time, then you want the Windows service.

@thijsdejong

Any updates on this?

@webprofusion-chrisc
Contributor Author

It's a work in progress; we currently have a pressing issue where requests/renewals cause the app to crash on some machines but not others (it doesn't crash for me at all). Once that's resolved I can go back to the refactoring required to get this going properly.

The current plan is that when you first (successfully) request a certificate you will get to add it to the auto-renewal list. Different sites may have different techniques required for the renewal so we have to consider that. The auto-renewal will then be kicked off periodically (probably every day) as a single scheduled task. The auto-renewal itself is easy enough; the problem comes when the renewal fails and you have to tell somebody (otherwise the site will then fail when the cert expires), so I would like to get that covered from the outset.

@Concept211

Thanks for the work on this! I'm really looking forward to it. Is it possible for us to run an alpha/beta build to test on our own servers?

@webprofusion-chrisc
Contributor Author

@Concept211 as Certify is still an alpha release, the download on the website is the latest available code for testing. For info, there is a new branch in the works for auto-renew and multi-domain certs: https://github.com/webprofusion/certify/tree/san-and-auto-renew

@Concept211

Thanks! So there's still no actual build available for the auto-renew branch?

@p10tyr

p10tyr commented Apr 10, 2017

I just wanted to add some feedback here and considerations.

I had to initially disable all rewrite rules to redirect to SSL in order for LE to check the acme-challenge files. I had out of date certificates from StartCom.. booooo.. I know. But LE verification did not seem to like the expired certification, or being redirected to HTTPS :(

Just for consideration.. It would be nice to be able to set how many hours before expiration the new cert should be requested to avoid broken certs and LE failing to validate.

I always rewrite to HTTPS and WWW - Other people may not have this problem and allow non SSL access which is not a problem.

@webprofusion-chrisc
Contributor Author

Auto renewal is now available in the v2 alpha release. Note that if you redirect to https you must redirect the whole path so that http://domain.com/.well-known redirects to https://domain.com/.well-known for the Let's Encrypt service to follow the redirect.
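
The full-path redirect described in the comment above, as an added example that is not part of the original thread or the Certify project. It is a `web.config` fragment that assumes the IIS URL Rewrite module is installed; the rule name is hypothetical.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!--
          Weak form (drops the requested path, so a validation request for
          /.well-known/acme-challenge/TOKEN lands on the site root over HTTPS
          and the challenge file is never served):

            <action type="Redirect" url="https://{HTTP_HOST}/" />
        -->

        <!-- Corrected form: the captured path {R:1} is carried into the
             redirect target, so http://domain.com/.well-known/... becomes
             https://domain.com/.well-known/... -->
        <rule name="Redirect HTTP to HTTPS (keep path)" stopProcessing="true">
          <!-- Capture the whole request path (no leading slash, no query string) -->
          <match url="(.*)" />
          <conditions>
            <!-- Only act on plain-HTTP requests -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- appendQueryString is true by default; stated here for clarity -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent"
                  appendQueryString="true" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Any host-canonicalisation rule (for example forcing `www`) needs the same treatment: its redirect target must also carry `{R:1}` rather than a fixed landing page.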

@p10tyr

p10tyr commented May 12, 2017

Looks awesome!

@webprofusion-chrisc
Contributor Author

Closing. Now implemented and confirmed working.
