SSL with DNS challenge fails due to propagation but ee thinks it renewed #1736
Comments
|
A recent incident. Where one of my client changed dns to their sites. As ee renews all sites in a single command this broken ssl for all other sites. here is how:
This needs to be fixed. Possible solution: Check DNS before renew. |
1 similar comment
|
A recent incident. Where one of my client changed dns to their sites. As ee renews all sites in a single command this broken ssl for all other sites. here is how:
This needs to be fixed. Possible solution: Check DNS before renew. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Due to cloudflare we are using the DNS challenge method in order to renew the letsencrypt certificate of the site.
Even though the renewal has failed due to DNS records not being propagated, easyengine thinks that the SSL certificate has been renewed causing issues later on.
Issues such as not renewing the certificate when needed so the certificate expires. Not allowing to force renew so we have to delete the site and re-upload it.
All the issues cost money because of the time spend.
`ee site ssl-renew www.example.com
Starting SSL cert renewal
Loading current certificate for www.example.com
Loading current certificate for www.example.com
Created DNS record: _acme-challenge.example.com. with value 4l5Sq1y5bUzcDcmcIPTOj6aP1zzUOQYoSjR7CT_0pmA.
Created DNS record: _acme-challenge.www.example.com. with value zGav80pE1TgvEKR94QSemDq7wFA2qz1LnutSzdBNDaE.
Waiting for DNS entry propagation.
Starting SSL verification.
Warning: The dns entries have not yet propogated. Manually check:
host -t TXT _acme-challenge.www.example.com
Before retrying
ee site ssl www.example.comWarning: Check logs and retry
ee site ssl-verify www.example.comonce the issue is resolved.Starting site's services.
Success: SSL renewal completed.`
The text was updated successfully, but these errors were encountered: