foretell.concert
Cadet
- Joined
- Aug 11, 2021
- Messages
- 8
I am using the ACME/Let's Encrypt integration to issue the TLS certificate used for the web interface and API.
I got an email notification this morning:
Certificate 'web_lets-encrypt_prod' is expiring within 9 days.
I logged in and took a look at the Task Manager and saw this:
certificate.renew_certs 50.00%
Status: FAILED
Start Time: 2022-04-14 19:55:31
Finished Time: 2022-04-14 19:56:33
Error: Requesting acme-v02.api.letsencrypt.org/acme: Name does not resolve
As luck would have it, the `certificate.renew_certs` task was running _at the exact same time that I applied patches / rebooted my DNS server_. DNS server work was done at about 20:05; about 10 min after the failure ^.
So this leaves me with two questions:
- How do I manually re-run the certificate renewal task? There does not appear to be a way to do this via the web UI... but is there a CLI tool that I can use to re-run the task?
- How can I adjust the "expiration" threshold so certificates are renewed 15d before their expiration; the current behavior (don't attempt to refresh unless cert is within 9? days of expiration) is a bit too close for comfort. I can set this on _new_ certificates ... but there does not appear to be any way to modify this on existing certificates.
====
**EDIT** I woke up to an email this morning telling me that the cert expires "within 9 days".
Did a bit more googling, and it looks like I'm not the only person that's "stuck" with a similar issue.
This ticket is asking to update the renewal time to the "suggested" 30d:
[NAS-117031] - iXsystems TrueNAS Jira
And these threads are asking the same thing that this thread is asking: how to manually run the job from CLI?
- https://www.truenas.com/community/threads/how-to-renew-letsencrypt-external-certificate.103299/
- https://reddit.com/r/truenas/comments/15i16vu/scale_how_to_force_letsencrypt_renewal/