Gonna take a stab at my own question.

From /etc/cron.daily/confconsole-dehydrated, it looks like this should work:

 /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper --force

It ran, no errors. My cert is now extended through June. 


Jeremy Davis's picture

Oops, I missed your response as I started a fairly exhaustive writeup, but then changed my mind and decided to move that to a blog post and just keep my response here a bit briefer...

Anyway, sounds like you worked it out and all is well. Great stuff! :)

Jeremy Davis's picture

I hadn't actually seen that as I've had my head down trying to keep laser focused on getting v16.0 out the door... So extra thanks for the heads up!

FWIW, apparently only about 2.3% of certificates are affected, so you may be one of the lucky ones?! If you wish to be sure check you can on this website. Although, forcing a cert renewal shouldn't cause any issues, so doing that regardless is fine.

I'll write up a blog post with all the details and send out a newsletter to everyone so everybody is all over this. In the meantime, assuming that you are using TurnKey's Confconsole implementation and already have certs set up and everything is working, then forcing a cert renewal is as easy as:

/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper --force

Once that completes (and assuming that you get no errors) then you should be all good.

If you have any issues, please post back with as much details and I'll respond ASAP. I'll post back with a link to the blog post, once I've written it up.

Jeremy Davis's picture

As promised, I've just published a blog post about this situation. Between this thread and the blog post, hopefully all the questions are answered and concerns covered...

If not, please feel free to post back here or comment on the blog post.

Thanks again for the heads up Sean! :)

Glad to help, Jeremy.


Hope you survived the fires OK. We've had our share of that sort of disaster and my heart goes out to you all down under!


Add new comment