Problem with site certificates

Automatic certificate renewal using certbot is trivial, and any post-processing easily accomplishing in a simple bash script scheduled via cron. I’d be extremely surprised if this isn’t already in place.

As to monitoring, this is also relatively trivial to implement (eg Nagios), eg if the certificate expires within X days.

But, as many have remarked, sh#t happens, and I have screwed this one up in my career.

Letsencrypt certificates are valid for 3 months. However, Letsencrypt will start emailing you if there’s 1 month validity remaining without having received a renewal request. So even if certbot (or other software) is for some reason failing, you’ll get a heads up.

1 Like

@SKBubba, @Nepherte - all you say is probably true. Which makes it more inexplicable that Roon should let a certificate expire, particularly when their users and the business depend(s) on access.

Long ago, I knew someone who was a Golden Gloves boxer. He once told me that the most humiliating thing that can happen to a boxer is for his opponent to knock out his mouthpiece.

Certificate renewals for Let’s Encrypt usually happen in an automated way. Nobody is going to put this stuff on a calendar anymore. During those 3 months, something probably changed and broke the automatic update. It can happen once, but if it happens more than once, well… That’s kinda sad.

At least the third time in the past twelve months.