Let's Encrypt certificates not renewing automatically?

Nemesis

Nemesis

Active member
Joined
Mar 22, 2025
Messages
35
Points
61
Age
26
I’ve noticed that Let's Encrypt certificates on my CloudPanel setup aren’t renewing automatically.
I’ve got a few domains running and having to manually renew every three months is starting to get annoying.

Is this normal behavior? Or is there a built-in auto-renewal feature I might’ve missed?

Thanks in advance!
 
Solution
Rootali
Ah yeah, that happens when the command is executed as the wrong user or if line breaks sneak into the domain arguments.
Make sure you're running the script as the clp user, not root. You can do it like this:

Code: 
su -s /bin/bash -c '/usr/bin/clpctl lets-encrypt:renew:certificates' clp

That should clean up the errors. Also double-check your domain list format—no extra newlines.
Sort by date Sort by votes
Yeah, I ran into the same problem before.
CloudPanel should auto-renew them via cron, but in practice, it doesn’t always work—especially if something in the environment is off or if you’re using custom DNS setups.

To solve it, I wrote a simple script that checks and renews the certificates automatically. I run it as a cronjob and haven’t had issues since.

You can grab it here if you want to try it:
👉 https://git.techniverse.net/scriptos/cloudpanel-autorenew-letsencrypt-certs.git
 
Upvote 0 Downvote
Awesome, thanks!
I’ll give the script a try. Quick question though—some of my domains have multiple subdomains. Does your script handle Subject Alternative Names (SANs)?
 
Upvote 0 Downvote
Yep, good timing actually—I just updated the script to support SANs.
Just make sure you're using the latest version from the repo. It should take care of domains and subdomains just fine.

Let me know how it goes!
 
Upvote 0 Downvote
I ran the updated script, but got a strange error related to the lets-encrypt:install:certificate command—it says no arguments are expected, but the script seems to pass domain names to it. Is this something you’ve seen before?
 
Upvote 0 Downvote
Ah yeah, that happens when the command is executed as the wrong user or if line breaks sneak into the domain arguments.
Make sure you're running the script as the clp user, not root. You can do it like this:

Code: 
su -s /bin/bash -c '/usr/bin/clpctl lets-encrypt:renew:certificates' clp

That should clean up the errors. Also double-check your domain list format—no extra newlines.
 
Upvote 1 Downvote
Solution
Got it. That did the trick! Certificates renewed smoothly this time.
Thanks a lot, Rootali. Really appreciate your help.
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top