acme.sh & traefik cert issue

acme.sh renew doesn’t work

Let’s tackle the acme.sh issue first. I sent a renew command with manual DNS verification; the renew went through without errors, but the cert didn’t renew. This is a known issue: https://github.com/acmesh-official/acme.sh/issues/4041

The solution is to delete these lines in the config file under ~/.acme.sh/yourdomain/yourdomain.conf:

Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/XXXXXXXXXXXX/finalize'
Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/XXXXXXXXXXXX'
Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/XXXXXXXXXXXX'
Le_CertCreateTime='1730000000'
Le_CertCreateTimeStr='2024-11-05T18:00:00Z'
Le_NextRenewTimeStr='2025-01-03T18:00:00Z'
Le_NextRenewTime='1740000000'

After that, send the usual renew command and it works.
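The cleanup step above can be scripted so the same seven keys are removed every time and a backup is kept. This is an added example, not part of the original post or of acme.sh itself; the function name clear_stale_order is hypothetical and the conf path is passed as an argument.

```shell
#!/bin/sh
# Added example: remove the stale order/renew state listed in the post from an
# acme.sh domain conf. Every other line in the file is left untouched.

# The seven keys named in the post.
STALE_KEYS='Le_OrderFinalize Le_LinkOrder Le_LinkCert Le_CertCreateTime Le_CertCreateTimeStr Le_NextRenewTimeStr Le_NextRenewTime'

# clear_stale_order CONF
# Backs up CONF, removes the stale keys, prints how many lines were removed.
clear_stale_order() {
    conf=$1
    [ -f "$conf" ] || { echo "no such conf: $conf" >&2; return 1; }

    # Anchored pattern ^(Key1|Key2|...)= so that Le_NextRenewTime does not
    # also match Le_NextRenewTimeStr, and unrelated keys are never touched.
    pattern="^($(echo "$STALE_KEYS" | tr ' ' '|'))="

    # grep -c prints 0 but exits 1 when nothing matches.
    removed=$(grep -cE "$pattern" "$conf" || true)
    if [ "$removed" -eq 0 ]; then
        echo 0
        return 0
    fi

    # cp -p keeps the original permissions and timestamps on the backup.
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1

    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Exit status 1 only means "no lines left"; anything higher is an error.
    grep -vE "$pattern" "$conf" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"    # overwrite in place so owner and mode stay the same
    rm -f "$tmp"
    echo "$removed"
}

# Usage: sh clear_stale_order.sh ~/.acme.sh/yourdomain/yourdomain.conf
if [ "$#" -eq 1 ]; then
    clear_stale_order "$1"
fi
```

A result of 0 means none of the keys were present and the file was not modified.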

Traefik is not updating the certs after renew

Of course, after renewing the certs, traefik didn’t want to do its job. The hot load function didn’t trigger. This can be “fixed” by editing the file provider file. The watcher will pick that up and reload the certs. Just sending a touch command didn’t do the trick for me.

When you try to add an empty line to the file, make sure you don’t have any spaces in it, or traefik will see it as an invalid config.

