I saw this morning that I had a problem with the certificate: it was expired, so I ran “ansible-playbook server.yml -e env=production --tags letsencrypt” again and it is all OK now.
I would like to know how the automatic renewal cron-job works. The documentation says:
There is one main difference between LE and other certificate authorities: their certificates expire every 90 days. Trellis automates by running a cron-job so you never have to manually renew them or worry about them expiring like a paid certificate.
I had the feeling that this cron-job was already automatically configured in Trellis, but now I am wondering if I need to set up the cron-job somewhere in the settings?
I am on a DO droplet and my Trellis version is not very old (July 2018). Do you have any idea why the cron-job has failed?
What can I do to check if the cron-job is correctly in place?
Is there any test that I can run just to be sure that the cron-job will work the next time (90 days from today)?
I tried to run cd /var/lib/letsencrypt && ./renew-certs.py && /usr/sbin/service nginx reload
but I received this error: -bash: cd: /var/lib/letsencrypt: Permission denied
I tried with the admin user and with the web user, but with the same result.
I checked the /var/log/syslog with this command (sudo grep cron /var/log/syslog), this is what I can see:
Aug 20 15:15:01 xxxxx-production CRON[7020]: (web) CMD (cd /srv/www/xxxxx.co.uk/current && wp cron event run --due-now > /dev/null 2>&1)
Aug 20 15:17:01 xxxxx-production cron[1403]: Authentication token is no longer valid; new one required
Another test that I did was to check (via SFTP) the chmod permissions of the /var/lib/letsencrypt folder.
The chmod permission is 700; owner and group are root.
Is this right?
What else can I try to do? Any other ideas?
Thanks
@swalkinshaw thanks, I checked the password of the root user and my admin_user (which is not admin, but a different name; I changed it when I did the first setup).
I ran sudo chage -l root and this is the result; it seems that I need to change the password.
Is the SSL cron-job run by the root user or the admin_user?
So I reckon the next steps are changing the root password and re-provisioning the live server, is that correct?
Is there something else that I should do after these steps?
@swalkinshaw do you know if I can change the root password directly in the Digital Ocean control panel (see attachment), or do I need to do this via the console with “sudo passwd root”, or can I try with the Digital Ocean web-based console (/products/droplets/resources/recovery-console/)?
Could you please let me know which would be your preferred option among these 3?
I am not confident with the console commands, and I don’t mess up with the production server.