| Gönderen: |
"Massimo S." <ecs-isp@2rosenthals.com> |
Tam Ba?l?klar
Çözülmemi? ?leti |
| Konu: |
Re: [eCS-ISP] LE certificate renewal fails when using CRON2 |
| Tarih: |
Wed, 8 Apr 2026 22:31:33 +0200 |
| Alacak: |
eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|
|---|
Il 08/04/2026 18:19, Steven Levine ha scritto:
In <list-2040013@2rosenthals.com>, on 04/08/26
at 09:12 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
Hi Massimo,
never, it only works if i start it manually
OK.
the script as first thing is copying a firerule that has port 80 open for
injoy fw, then it reload the fw rules
after it start webserve and after it start uacme
my suspect is that running it scheduled it don't execute something, maybe
it do not correctly open port 80 even if i see from logs that the fw
rules get reloaded
That's a possiblity.
i've added a "go >file.txt", but i've seen that all the
right processes are loaded in memory while the script
is running
now i've added also a netstat -s and -l
i hope they can help
Another thing you can try is
wget https://acme-v02.api.letsencrypt.org/directory
before invoking uacme. The would fetch the same url that uacme appears to
not be able to fetch.
it's happening something strange (at least to me)
if i run "wget https://acme-v02.api.letsencrypt.org/directory" from the command line
it runs well and i get:
..
0K . 100% 20,2K=0s 2026-04-08 22:23:52 (20,2 KB/s) - directory salvato [1033/1033]
but "wget https://acme-v02.api.letsencrypt.org/directory" started in the script scheduled by CRON2 give this result:
Unable to locally verify the issuer's authority. To connect to acme-v02.api.letsencrypt.org insecurely, use `--no-check-certificate'.
i've the latest wget (checked with YUM) i've no other wget under path
it's not a firewall issue, ports are correctly open
libc and libcx are the latest from NL stable repository
i'm puzzled
massimo
|