SSL certificate expired on myopenhab

Looks like the ssl has just expired!

Seems to be ok again now

It is still broken

@digitaldan, @kai, looks like someone needs to run ACME on the myopenhab servers. I’m seeing a different expiration date than @LORDUDE but even the date I’m seeing shows the cert expiring tomorrow.

I’m not sure who else might be myopenhab.org admins who can reset the cert.

I just bumped our nginx servers. We have an annoying issue where our certs do renew, but nginx does not get reloaded, so it keeps serving the old certs. I’m going to force this as part of the renew job.

4 Likes
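The "certs renew but nginx keeps serving the old one" failure above is common enough that it is worth showing the fix as a script. This is an added example, not the myopenhab.org servers' own config: a certbot deploy hook that reloads nginx after a renewal, plus a check that compares the certificate on disk with the one the server actually presents, so a cron job or timer can catch a stale reload. The paths and host name are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the myopenhab.org servers' own config: a certbot deploy hook
# that reloads nginx after a renewal, plus a check that tells you whether nginx is
# still serving a stale certificate (on-disk cert differs from the served one).
# Paths and host names below are assumptions for illustration.
set -eu

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
fingerprint_of_pem() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# SHA-256 fingerprint of the certificate a live server presents for a name (SNI).
fingerprint_served() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True (exit 0) when two PEM files carry different leaf certificates.
certs_differ() {
    [ "$(fingerprint_of_pem "$1")" != "$(fingerprint_of_pem "$2")" ]
}

# True (exit 0) when the server is NOT serving the cert currently on disk,
# i.e. the renewal happened but nginx was never reloaded.
needs_reload() {
    pem=$1
    host=$2
    [ "$(fingerprint_of_pem "$pem")" != "$(fingerprint_served "$host")" ]
}

# Validate the config first so a broken reload cannot take the site down.
reload_nginx() {
    nginx -t && systemctl reload nginx
}

# Two ways to run this script (both assumed for illustration):
#   1. as a certbot deploy hook, e.g. `certbot renew --deploy-hook /path/to/script`
#      or dropped into /etc/letsencrypt/renewal-hooks/deploy/; certbot exports
#      RENEWED_LINEAGE (the renewed cert's directory) when it invokes the hook.
#   2. as a periodic reconciliation check:
#      script check /etc/letsencrypt/live/myopenhab.org/fullchain.pem myopenhab.org
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx
elif [ "${1:-}" = check ]; then
    needs_reload "$2" "$3" && reload_nginx
fi
```

The deploy hook only fires when a certificate was actually renewed, which is the behaviour you want; the `check` mode is the belt-and-braces part, since it compares what nginx serves against what is on disk and reloads only when they disagree.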

As someone who can’t use automated LetsEncrypt renewal because he chose Namecheap as his registrar, I understand the pain.

Thanks for the quick action!

No worries, here’s a nice writeup of the problem and solution. I assumed this was being done automatically in the systemd timer job, which was my bad.

According to

autorenewal should work. I am not using Namecheap but Acme.sh for another registrar.

Only if you’ve spent $50 with them over the past two years or have a balance of $50 or have 20 domains. If you’ve not met those requirements they don’t allow you access to the API.

I bought a really cheap DNS name. There is no way I’ll meet that unless I just park $50 with them to hold on to for the privilege of using their API.

1 Like

You could transfer the domain to cloudflare, it’s free and works flawlessly with certbot dns-01 challenge. You don’t have to use their cdn and other stuff, I only use it for dns.

1 Like

I rely on wild card certificates which LetsEncrypt requires the ability to set a CDATA text record to prove you own the domain instead of the usual challenge protocol using the file. This lets me host multiple services on the same domain (e.g. nextcloud.mydomain.com, bitwarden.mydomain.com). I’m willing to manually refresh the cert every 90 days to keep that capability.

When I was shopping around Cloudflare didn’t support wildcard domains (or more importantly CDATA records) on the free tier. And paying Cloudflare for that was prohibitively expensive. Has that changed?

I have a letsencrypt wildcard cert via cloudflare. The dns-01 challenge sets a TXT-record for _acme-challenge.domain.tld via cloudflare’s api to verify ownership. All you need to do is provide an api key to certbot.

1 Like
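For anyone debugging a failing dns-01 challenge, here is what the client (certbot's dns-cloudflare plugin, acme.sh, or a manual hook) actually has to publish, as an added example that is not from the thread or from certbot. It derives the TXT value the way RFC 8555 defines it and checks the authoritative name servers for it before you let the CA validate. The token and account-key thumbprint are constructed placeholders, not real ACME values, and the domain names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from certbot/acme.sh: what a dns-01
# client publishes, and how to check it before asking the CA to validate.
# The token and key thumbprint below are constructed placeholders.
set -eu

# base64url without padding, as RFC 8555 requires for challenge values.
base64url() {
    base64 | tr -d '\n=' | tr '+/' '-_'
}

# RFC 8555: key authorization = token "." thumbprint(account key);
# the TXT record value is base64url(SHA-256(key authorization)).
dns01_txt_value() {
    token=$1
    thumbprint=$2
    printf '%s' "$token.$thumbprint" | openssl dgst -sha256 -binary | base64url
}

# Name the CA queries: _acme-challenge under the name being validated.
# A wildcard *.example.com is validated at _acme-challenge.example.com,
# which is why a wildcard needs no extra record type, just dns-01.
dns01_record_name() {
    printf '_acme-challenge.%s' "${1#\*.}"
}

# Ask every authoritative server for the zone (not a caching resolver)
# whether the expected value is live; exit 0 only once all of them have it.
# Usage: dns01_published example.com _acme-challenge.example.com <value>
dns01_published() {
    zone=$1
    name=$2
    expected=$3
    for ns in $(dig +short NS "$zone"); do
        dig +short TXT "$name" "@$ns" | tr -d '"' | grep -qx "$expected" || return 1
    done
}

# Worked example with constructed inputs (not real ACME values):
TOKEN='evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA'
THUMB='9jqP8B8vP8mL3XFYs4Tw6YhGfK9Z4i5zCS2QhZpTQqA'
name=$(dns01_record_name '*.example.com')
value=$(dns01_txt_value "$TOKEN" "$THUMB")
echo "publish TXT $name \"$value\", then wait until: dns01_published example.com $name $value"
```

The point of querying the zone's NS records directly is that Let's Encrypt validates against the authoritative servers from several vantage points, so a value that your local resolver already shows can still be missing from one of the authoritatives; the loop fails until every one of them returns it.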

You should definitely use the Cloudflare DNS servers. Although it’s technically not a transfer as @pacive mentioned. While a registrar will point your domain to use their DNS servers out of the box, you have the ability to point your domain to any DNS servers of your choice that will list the DNS routes for your domain. You can even point to your own personal DNS server.

One of the major advantages of having your domain DNS servers separate from your registrar is that you can easily shop around every year for the cheapest renewal cost and just need to point to the same DNS servers after the transfer is complete. In most cases, the new registrar even keeps the same DNS servers configuration during that process, removing any potential downtime.

As far as wild card certificates, you can check the article below. It doesn’t seem that it’s any different than specific subdomain certificates as long as you are using the dns-01 challenge.

2 Likes