@girish said in Add notification for Certificate errors:

@andreasdueren sorry, I meant if your Cloudron is able to send outbound email. Does sending a test email work - https://docs.cloudron.io/email/#send-test-email

Yea works no problem

@tomw Apologies; I wasn't trying to suggest you shouldn't do this. I was only trying to emphasize that there is an entire system/chain that leads to your server.

You might have:

The nation-state working in tandem with local (or, are they state-owned?) ISPs to implement man-in-the-middle cert attacks, so that attempts to securely connect to your server are actually plain-text. The nation state, working with ISPs to compromise/log all traffic through DNS servers. ...

https://www.cisa.gov/news-events/alerts/2015/04/30/securing-end-end-communications

is an article that speaks to some of the kinds of things that you might have to do to begin securing end-to-end communications.

Ultimately, I really don't know. I'm just suggesting---YMMV, etc.---that this sounds like something with high stakes.

I wish you and your colleagues all the best of luck.

PS. https://www.cjr.org/tow_center_reports/guide_to_securedrop.php looks interesting as well. Again, it doesn't apply directly to your case, but speaks to the broad spectrum of design considerations that go into architecting and delivering secure systems, where "systems" means "a combination of technology and people."

Thank you very much!

@Kubernetes Glad you like it, the eBPF stuff is a nice use case. (finally)

@girish Thanks. That could possibly do the trick. Maybe as an option to the current behavior.
In my understanding, this is the expected behaviour of a mailing list. But maybe I'm wrong - it's been a while since I was last active in mailing lists ..... 😉

A month ago! Oh JOY! 😹

We love it when you surprise us @nebulon !

👍 Good point. This is the way I like to work, too, when available.

We don't have this feature yet to specify the healthcheck path in the app proxy. I will move this feature request.

Thanks for the suggestion!

Super!
I have used this script now via cron and everything seems to work fine, including a significant reduction of "denied" mail attempts in the mail log.

I've added the following lines to keep the last 20 url lists, compressed with 7z (which I prefer for compression), for analysis (if needed):

7z a -mx9 "${current_datetime}.7z" "formatted_$output_file" rm "formatted_$output_file" rm "$output_file" ls -td *.7z | grep -v '/$' | tail -n +20 | while IFS= read -r f; do rm -f "$f"; do>

Also: If you use the script, don't just blindly add url-lists. I already managed to lock myself out once by adding the "standard" Firehol list (https://iplists.firehol.org/files/firehol_level1.netset)

Miniflux also uses apprise ! I'm interested to have it on Cloudron 😌

Can we revisit this? Allowing some code in the (html) header of all apps would be enough, I think (and awesome)

@girish You're right, I think not.

Currently the app is NOT in a 'Running' state if any failures occur.

An alternate method would be to bring up the app anyway (as long as the primary subdomain is up, and continue to resolve the failed API calls until some 'threshold' (then alert) or it succeeds and all is well.

No need to ignore the failed ones, they just try again async as with your API rate backoff code, or at the next addition of a new sub if you want to be less proactive and more lazy. (The non working subs, if used will draw attention back to the app anyway.)

@DualOSWinWiz it's not there, no.

Regarding a helping hand for autodns:

acme.sh does support dnsapi cert generation for autodns maybe this code can help developing.
https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_autodns.sh

Also acme.sh has MANY more dnsapi supports:
https://github.com/acmesh-official/acme.sh/tree/master/dnsapi

Yeah, the access key is what is going to check if the domain is there. I think "Skip nameserver validation for custom Route53 NS names" would get me there 🙂

And all of the DNS and Email stuff...I totally understand how difficult it is to give less technical users the ability to even USE this stuff, as well as support slightly more advanced users. You're doing a great job!

The filemanager has gotten no attention for mobile use, as I mostly saw that as a sysadmin tool and not something one would use on a phone. Generally mobile use of the dashboard as an admin is a bit rough 😕