We are using the built-in Let’s Encrypt functionality to set the SSL certificate for the pritunl web UI. However, for security we are closing port 80 to the server once the certificate is in place. We open it again a few days before the expiration of the current cert but we’ve not seen pritunl automatically update the certificate.
What is the best way to get the pritunl service to get a new Let’s Encrypt certificate if I cannot get to the web UI?
The next release will include the command `sudo pritunl renew-ssl-cert` to manually renew Let’s Encrypt certificates.
Can you tell me why the current version isn’t automatically renewing it?
The server will automatically renew the certificate after 80 days. The top right logs will show any errors that occur on the renewal.
What we’ve been doing is closing off port 80 after the renewal and opening it again a day or two before the certificate expires. Twice in a row, pritunl has failed to update the certificate.
This can be avoided in the next release by using the command `sudo pritunl renew-ssl-cert` that will immediately trigger a certificate renewal.
Thanks, but that doesn’t help us now.
We ran into this same issue and were able to fix it by doing the following:
- Log in to the web UI
- Open settings
- Change the “Lets Encrypt Domain” value to an incorrect domain
- Save settings
- Wait for an error to be returned. It should show up in the Web UI and tell you to check the logs.
- Change the “Lets Encrypt Domain” value back to the correct domain
- Save the settings
- This should complete successfully
Hopefully the command to renew the cert comes out soon.
Thanks! We’ve already switched to a permanent certificate but this is helpful in case we decide to switch back at some point.