Running Mail Gateway 9.1 (same problem happened on 9.0.7 which I upgraded to 9.1 due to this issue). Been running fine for several years - LetsEncrypt always updated on time, no issues.
About a week ago, my LetsEncrypt cert expired and wasn't automatically renewed even though I made no changes to PMG.
I went in and forced a manual upgrade (using domain validation) and it worked. The next day, I noticed my cert had reverted to the older, expired one. I tried again, and renewal was successful but reverted back to the older cert after some time (less than a day). I tried again, and was denied by LetsEncrypt due to too many attempts (error 429) so my cert was stuck in an expired state presumably for a week until LetsEncrypt decided to allow me new certs.
To wait out LetsEncrypt's 7-day renewal denial window, I got a new cert from ZeroSSL and uploaded it just fine and it worked for two days.
This morning, however, PMG reverted to the older, expired cert and removed my custom ZeroSSL cert. I uploaded the new cert again and it works but I'm worried it will revert back soon and I'd like to try and figure out why it's doing that. I assume it has something to do with the auto-update function of ACME but I don't know how to fix it. I wonder why ACME won't update the cert properly automatically and reverts to the older one even though manual updating works. I also wonder why, with a new, valid non-LetsEncrypt SSL cert, PMG/ACME overwrites it with an expired LetsEncrypt cert.
Please advise.