search

kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License
565 stars 79 forks source link

[BUG] Not auto-renewing on >= 2 #82

Closed dubhunter closed 8 months ago

dubhunter commented 9 months ago

Describe the bug I have successfully installed UDM-LE on my two UDM-PROs and UNVR, but auto-renew does not seem to be working. If I call the script with the renew flag manually, everything works.

To Reproduce Steps to reproduce the behavior:

  1. Install UDM-LE
  2. Do initial setup for certs.
  3. Wait for expiry notice from LetsEncrypt

Expected behavior The cert to auto-renew with the timer.

Version Information (please complete the following information):

kchristensen commented 8 months ago

What does systemctl status udm-le.timer output?

# systemctl status udm-le.timer
● udm-le.timer - Run Lets Encrypt renewal daily and at startup
     Loaded: loaded (/etc/systemd/system/udm-le.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2023-10-09 19:40:34 EDT; 1 weeks 0 days ago
    Trigger: Wed 2023-10-18 03:04:00 EDT; 19h left
   Triggers: ● udm-le.service

Warning: journal has been rotated since unit was started, output may be incomplete.

Does it say that it's running? Could be that you maybe missed a step of the install where you install the timer?

dubhunter commented 8 months ago 
⮀ systemctl status udm-le.timer
● udm-le.timer - Run Lets Encrypt renewal daily and at startup
     Loaded: loaded (/etc/systemd/system/udm-le.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2023-09-25 11:20:05 PDT; 1 months 8 days ago
    Trigger: Sat 2023-11-04 03:02:07 PDT; 13h left
   Triggers: ● udm-le.service

Sep 25 11:20:05 dubhunter-nvr systemd[1]: Started Run Lets Encrypt renewal daily and at startup.

Looks like it will run tomorrow AM. Maybe I just have not been patient when I get the emails from LE (this one was sent 19 days ago).

dubhunter commented 8 months ago

Thanks for the reply, I will report back tomorrow.

dubhunter commented 8 months ago

Wait, I now just realized that it runs daily. If that is true, shouldn't it have updated by now for a cert expiring in 8 days?

dubhunter commented 8 months ago

This is what it says on a different machine (which does not have the same Triggers line):

⮀ systemctl status udm-le.timer
● udm-le.timer - Run Lets Encrypt renewal daily and at startup
   Loaded: loaded (/etc/systemd/system/udm-le.timer; enabled; vendor preset: enabled)
   Active: active (waiting) since Mon 2023-09-25 11:22:28 PDT; 1 months 8 days ago
  Trigger: Sat 2023-11-04 03:04:37 PDT; 13h left

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
dubhunter commented 8 months ago

Found the issue, fix proposed above (validated on one of my machines)

kchristensen commented 8 months ago

Ah, good catch. I use cloudflare so it never had an issue finding the credentials. Thanks for digging in!