Resolved Lets encrypt refresh certificate by script?

[Bossman]

Hello,

Since i do not use plesk DNS server, i wanted to do external DNS update for TXT record _acme-challenge, since every 3 months i need to update every domain at my dns provider. So script is done, but at end i would want to know how to reload certificate (blue screeen with button reload) via
1. commandline ? i have tried plesk bin extension lets encrypt - it does not work.
2. or php/lib/RestAPI - that does not have such option i think.
3. or maybe by setting some flag in psa database ? - yea that will be best for me, but risky.

ps. I see that plesk is checking certificates and after night i have got reloaded certificates, so is it done by cron maybe ?.

 

[Kaspar]

Did you already read this support article: How to install Let's Encrypt certificate via CLI for a domain in Plesk for Linux?

Also this page might contain more useful information: Securing Connections with the SSL It! Extension

 

[Bossman]

Yes i have read that links.
They are referring to ssl creation, but not extension of cert

 

[Kaspar]

Running the command below as suggested in this support article will both issue a new Let's Encrypt certificate or renew an existing Let's Encrypt certificate.

plesk bin extension --exec letsencrypt cli.php -d example.com -d webmail.example.com -m [email protected]

 

[Bossman]

Okay let me check, thanks.
Do you know where letsencrypt certificate store its end date / database ? / files ?, so my script could know when to "do" above extension query ?

 

[Bitpalast]

One doesn't really need to know this. Simply create a cron job that runs the command once a month. If a certificate is not due for renewal, it won't renew. If it is due for renewal, it will renew.

 

[Kaspar]

Not sure if expire date is stored some were. However, letsencrypt certificates are valid for 90 days. So you just could renew them within 90 days.

 

[Bossman]

Yes i will do that, thank you guys.

 

[mow]

Not sure if expire date is stored some were. However, letsencrypt certificates are valid for 90 days. So you just could renew them within 90 days.

It is in the certificate itself. But you could also take an educated guess from the file's timestamp.

The extension, just like LetsEncrypt's own script, will renew a certificate if there are only 30 days left. Unless you force it to renew earlier.

 

[Bitpalast]

The extension, just like LetsEncrypt's own script, will renew a certificate if there are only 30 days left. Unless you force it to renew earlier.

I think it can only do this for wildcard certificates if the DNS record is located on the Plesk system. However, @Bossman wrote that he is using an external DNS. For that reason he needs to update his acme entry in his DNS system manually before the renewal takes place. It won't renew automatically, because the acme entry needs to have the correct value first. That's why he needs to renew "manually" or at least by a script when he does not automatically set the correct new DNS entry before an automatic renewal attempt is made.
(This was my last state of knowledge, please correct me if I am wrong with the wildcard entries. It might have changed, I have not been using this for a while.)

 

[mow]

For that reason he needs to update his acme entry in his DNS system manually before the renewal takes place. It won't renew automatically, because the acme entry needs to have the correct value first.

But it has to run once so he knows what to change the _acme entry to

 

[Bossman]

The update cert is not working, i have execute it in commandline and in Plesk Cert did not update itself (Acme is propagated correcly).


As you see in screen i have executed update command for same cert, then i click refresh page at plesk cert gui, and sadly button (przeładuj - refresh) is still there.