We are using the built-in Let’s Encrypt functionality to set the SSL certificate for the pritunl web UI. However, for security we are closing port 80 to the server once the certificate is in place. We open it again a few days before the expiration of the current cert but we’ve not seen pritunl automatically update the certificate.
What is the best way to get the pritunl service to get a new Let’s Encrypt certificate if I cannot get to the web UI?
What we’ve been doing is closing off port 80 after the renewal and opening it again a day or two before the certificate expires. Twice in a row, pritunl has failed to update the certificate.
The pritunl server is not automatically renewing the certificate after 80 days, and it's showing the error below in the logs. But it can be manually renewed with the command mentioned above.
I need this thing to be automated. Can you check the logs below?
[vpn.prod.***.io][2023-11-30 14:08:56,878][ERROR] Failed to get LetsEncrypt cert
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/handlers/settings.py", line 905, in settings_put
    acme.update_acme_cert()
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/acme.py", line 67, in update_acme_cert
    csr = utils.generate_csr(private_key, settings.app.acme_domain)
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/cert.py", line 72, in generate_csr
    with open(private_key_path, 'w') as private_key_file:
IOError: [Errno 2] No such file or directory: u'/tmp/pritunl_893fcc63e28441e9b1b2d62061efd9b5/c9d4d64eed124993bde76030aa8e2863.key'
acme_domain = "vpn.prod.******.io"
[vpn.prod.*****.io][2023-11-30 14:09:06,101][ERROR] Failed to get LetsEncrypt cert
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/handlers/settings.py", line 905, in settings_put
    acme.update_acme_cert()
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/acme.py", line 67, in update_acme_cert
    csr = utils.generate_csr(private_key, settings.app.acme_domain)
  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/utils/cert.py", line 72, in generate_csr
    with open(private_key_path, 'w') as private_key_file:
IOError: [Errno 2] No such file or directory: u'/tmp/pritunl_893fcc63e28441e9b1b2d62061efd9b5/9fa0d37ec2d6403a8379302bfd466cc4.key'
acme_domain = "vpn.prod.*****.io"