Domain cleanup lacking, by design?
-
@shai yes, old certs are not removed intentionally. This is because LE has rate limits for getting certs. So, if you, say, uninstall an app "test.exampleapp.com" and install it again, we don't delete the certs at uninstall time and re-use certs from the previous install.
-
@girish It might be good to have a prompt when deleting a domain if a user wants to delete the related certs too (much like how we changed the email deletion prompt to also ask whether to keep the contents on disk or delete the contents from disk). Or just behind-the-scenes delete the certs after a short period of time (a few days?) for a removed domain. Keeps things clean.
-
@girish is there any way to delete unwanted certs via the my.example.com Cloudron dashboard? Or is it the case that ssh'ing into the server and deleting them at /home/yellowtent/boxdata/certs is the only way?
Also, I suggest that the Cloudron cert documentation explicitly mention that switching to a prod cert from staging requires that the staging certs be deleted.
-
@shai said in Domain cleanup lacking, by design?:
Also, I suggest that the Cloudron cert documentation explicitly mention that switching to a prod cert from staging requires that the staging certs be deleted.
This seems like a bug. We actually have code to do this automatically - https://git.cloudron.io/cloudron/box/-/blob/master/src/reverseproxy.js#L122 . Let me see why it fails.
-
@girish I was looking through the list of certs on my server, and found many certs that haven't been used for at least 4 - 9 months. This is likely more applicable when using individual certs per app hostname as opposed to wildcard certs, but I would suggest it makes sense to automatically clean up certs from the file system at least after 3 months when they expire. What good is a Let's Encrypt cert that's 6 months old (expired 3 months ago), for example?