cbfsParticipant::Do Let’s Encrypt certificates try to renew 1 month early? I think this has something to do with the Let’s Encrypt certificate failing to renew and leaving VitalPBX in a bad state. It seems like when the Let’s Encrypt certificate tried to renew, it replaced the public and private keys, but because it failed, it left the old certificate which is causing the mismatch.
- December 17, 2020 at 8:40 am
Why would it the script replace the public/private keys before it successfully received a new certificate?
I was able to manually edit the vitalpbx httpd config to point to the default self-signed certificate to get back into the web interface temporarily, but now I cannot generate a new Let’s Encrypt certificate no matter what I try.
Every time I try to generate/renew a Let’s Encrypt certificate, it seems like it’s trying to do the DNS challenge which won’t work instead of doing the HTTP challenge. I see this in when visiting the URL in /usr/share/vitalpbx/certificates/xxx/order: