Let's Encrypt certificate update not carried out or transferred correctly

Hi Forum,

I hope someone can help:
Today some of my LE certificates (for sogo, nextcloud, etc. and some others) were outdated (Nov. 26th 2020 / approx. 06:00). In contrast to that, the standard certificate (including sogo, nextcloud, etc.) was renewed on October 28th 2020 and it is still valid. It looks like it was not transferred to the respective sub-sites.

I did a reboot which usually solves this problem but it did not.

Thank you and best regards
Thorsten

NethServer Version: 7
Module: Let’s encrypt


I do not get this.

Not only Nextcloud but all LE-related NethServer modules are affected (SoGo, Mattermost …). And renewal is not triggered by NC but by NS.

TIA
Thorsten

What @Walter_Palumbo posted isn’t only a nextcloud problem. Please try the following steps from the site Walter posted:

Then after reading this thread and a few other things on the net, I first made a copy of the /etc/letsencrypt folder and then tried a few things.
What finally got it working for me was to copy the .pem files from the mycoolsite.org-0001 folder to the mycoolsite.org one:

Also have a look here:

Hi Michael,

A long shot:

Could it be possible that the script
--reloadcmd "/sbin/e-smith/signal-event certificate-update"
at the end of the certificate renewal

takes
/etc/letsencrypt/live/FQDN
which contains the old keys

instead of taking
/etc/letsencrypt/live/FQDN-0001
which contains the new keys

mainly when called (or receiving parameters) to update sogo, nextcloud, etc, and some other.

I know that Marko @capote had a problem with the suffix -0001 and he got rid of it by deleting some files and directories in /etc/letsencrypt/live and also in other places. Then he renewed the certificate and all was OK. I am looking forward to knowing how exactly he did it.

As I wrote at the beginning, a long shot,

Michel-André
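
The hypothesis in the post above (a service still reading live/FQDN while the renewed certificate sits in live/FQDN-0001) can be checked read-only. The following is an added example, not part of the original thread or of NethServer's code; the function names are hypothetical, and it assumes certbot's `cert.pem` layout, `openssl` and GNU `date`.

```shell
#!/bin/sh
# Added example: find certbot lineages that have a newer "-NNNN" sibling,
# i.e. directories a service may still read although renewal moved elsewhere.

# Strip certbot's duplicate-lineage suffix: mycoolsite.org-0001 -> mycoolsite.org
lineage_base() {
    printf '%s\n' "$1" | sed -E 's/-[0-9]{4}$//'
}

# stdin : "<lineage> <notAfter as epoch seconds>", one per line
# stdout: "<stale lineage> <newest sibling>" for every lineage whose sibling
#         (same base name) carries a certificate with a later expiry date
stale_lineages() {
    while read -r name epoch; do
        printf '%s %s %s\n' "$(lineage_base "$name")" "$epoch" "$name"
    done | sort -k1,1 -k2,2nr | awk '
        $1 != base  { base = $1; top = $2 + 0; newest = $3; next }  # newest per base
        $2 + 0 < top { print $3, newest }'
}

# Emit "<lineage> <epoch>" for each directory below the live/ root.
# Only reads certificates; private keys are never touched.
scan_live() {
    live=${1:-/etc/letsencrypt/live}
    for cert in "$live"/*/cert.pem; do
        [ -f "$cert" ] || continue
        end=$(openssl x509 -enddate -noout -in "$cert" | cut -d= -f2)
        printf '%s %s\n' "$(basename "$(dirname "$cert")")" "$(date -d "$end" +%s)"
    done
}

# On the server, run as root:  scan_live | stale_lineages
```

Any line of output names a directory whose certificate is older than the one in a sibling lineage; the next thing to check is which of the two paths the services' configuration actually references.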

I am sorry - I am blind and I am by far not a Linux expert. I do not get the point, where is the workaround / how does it work?

Do I really need to transfer / copy / rename certificate files for a process which worked perfectly automated for about 1-2 years?

TIA
Thorsten

No. But are you using individual certificates for Nextcloud, Sogo, etc.? If so, how did you do that? That (sadly) isn’t a supported configuration, so it would have taken some template editing.

Hi Dan,

No, I am using just one certificate carrying just a lot of alias names. The funny thing is: the top domain part of the certificate (ebb-s01) works.


Hi Michel-Andre,
I think I see the reason for your trouble just as it was with me originally.
You are mixing different domains in one form.
You have to request and renew for each domain separately.

Sincerely, Marko

Nonsense. Multiple domains on one cert is a perfectly valid configuration.

Hi all,

I resolved my problem with the -0001 suffix.
I have to admit that previously I had not only -0001 but also -0002 suffixes.

Now, I have 1 brand new Let’s Encrypt certificate and no suffix at all.

I have 1 certificate for multiple domains, i.e. a SAN certificate (certificates with SAN also provide a SAN [Subject Alternative Name] field that allows additional domain names to be protected with a single certificate). Have a look at https://www.micronator.org.

I have to wait until tomorrow to make sure that all is working perfectly, then I will write what I did.

To be continued…

Michel-André


no parlais franzais …

Google Translate, or one of its ilk, is the friend of all those who, without mastering a particular language, strive to broaden their horizons, but it is useless for those who do not click the right button.

Michel-André


On page: LetsEncrypt certificate path with domain suffix - #4 by michelandre.

Michel-André

@Jimbo, @michelandre, @danb35

Looks like we have the same problem here:

Today I tried something which convinced me that this is an e-smith bug:
I simply changed the standard certificate from LE to the initial certificate (+reboot) and then returned to the LE as the standard certificate (no reboot). NS LE started to work and SoGo, Mattermost, Nextcloud and all the other services got the correct (most recent) certificates.

Please let me know if / how I may investigate / report on this issue.

Best regards
Thorsten

cc @dev_team

Thanks @m.traeumner for pointing it out :slight_smile:
I’ve already followed the thread but I didn’t understand the problem, nor how to reproduce it.

If someone can summarize everything in one post, I will gladly give my opinion :wink:
