Our colleagues from the Let’s Encrypt team have informed us that they have identified an issue with the certificate renewal process that is causing load problems in Let’s Encrypt servers.
This issue affects Bitnami users that are using the Bitnami HTTPS Configuration tool (Bncert tool) to configure HTTPS on their Bitnami cloud deployments. To solve this issue, you must update your Lego installation as explained below.
How to update your Lego installation
A fix has been included in Lego version 4.8.0, which adds a random 0-8 minute delay so that renewals no longer all arrive at exactly 0:00. However, Bitnami cannot propagate this change to users unless they execute the tool.
In order to avoid problems in case the renewal fails for several days in a row, and to avoid load problems, users should follow the steps below:
- Execute Bncert again to renew the certificates. The tool will request to be updated - press “Yes”. This will also randomize the times in the crontab and add the user-agent to the crontab.
- Manually update the lego version by running the following command:
$ curl -L https://github.com/go-acme/lego/releases/download/v4.8.0/lego_v4.8.0_linux_amd64.tar.gz | tar xz -C /opt/bitnami/letsencrypt lego
- Randomize the renewal time. E.g. from 0:00:
0 0 * * * sudo /opt/bitnami/letsencrypt/lego ...
To a random time, such as 21:40:
40 21 * * * sudo /opt/bitnami/letsencrypt/lego …
Once executed, the command sudo crontab -u bitnami -l should show something like this:
40 21 * * * sudo /opt/bitnami/letsencrypt/lego ...
Here 21:40 is the new randomized time at which the renewal will run every day; you will probably see a different value.
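The randomization step above can be scripted. The following is an added example, not part of the original post or of the Bncert or Lego tools; the names LEGO, rand16 and randomize_renewal are assumptions of this example, and the sample crontab is constructed.

```shell
#!/bin/sh
# Added example: move the daily lego renewal job away from 0:00 by
# rewriting the minute and hour fields of its crontab line.

LEGO=/opt/bitnami/letsencrypt/lego   # path used in the crontab lines above

# 16 random bits from the kernel, as a decimal number (0-65535).
rand16() { od -An -N2 -tu2 /dev/urandom | tr -d ' \n'; }

# Filter: crontab text on stdin, rewritten crontab on stdout.
# $1 = minute, $2 = hour; both default to random values. The random minute
# is 1-59 (a choice of this example) so the job never lands on 0:00.
# The body is a subshell, so its variables do not leak into the caller.
randomize_renewal() (
    minute="${1:-$(( $(rand16) % 59 + 1 ))}"
    hour="${2:-$(( $(rand16) % 24 ))}"
    case "$minute$hour" in
        *[!0-9]*) echo "minute/hour must be numeric" >&2; exit 2 ;;
    esac
    [ "$minute" -le 59 ] && [ "$hour" -le 23 ] || { echo "out of range" >&2; exit 2; }
    awk -v m="$minute" -v h="$hour" -v lego="$LEGO" '
        # Only five-field schedule lines that run lego; comments, @daily-style
        # entries and unrelated jobs pass through untouched.
        /^[ \t]*[0-9*]/ && index($0, lego) {
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+/, m " " h)
        }
        { print }
    '
)

# Constructed sample crontab: the lego line is the one shown above ("..." is
# the page's own elision); the second job is made up for the demo.
SAMPLE='0 0 * * * sudo /opt/bitnami/letsencrypt/lego ...
30 3 * * * /usr/bin/true'
printf '%s\n' "$SAMPLE" | randomize_renewal

# On a real instance, write the result to a file and review it before installing:
#   sudo crontab -u bitnami -l | randomize_renewal > new.cron
#   sudo crontab -u bitnami new.cron
```

Writing to a file first avoids installing an empty crontab if the listing step fails.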
Support and Resources
Looking to learn more or have any questions? Check out the new Bitnami GitHub repository for virtual machines. If you need to get a resolution on issues or want to send us your feedback, please open an issue. A markdown template is provided by default to open new issues, with certain information requested to help us prioritize and respond as soon as possible.
To learn more about how to generate and install a Let’s Encrypt certificate for a Bitnami application, refer to this tutorial.