cloudron certs update API doesn't work

potemkin_ai

Hello,

I used to use Cloudron API to initiate certificates update under some special conditions:

curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs

But it seems like stopped working, seems like it could happen around v7 release - no certificates are updated and here is all I'm getting at the logs now:

Nov 26 06:06:04 box:settings initCache: pre-load settings
Nov 26 06:06:04 box:taskworker Starting task 1453. Logs are at /home/yellowtent/platformdata/logs/tasks/1453.log
Nov 26 06:06:04 box:reverseproxy renewCerts: Renewed certs of []
Nov 26 06:06:04 box:reverseproxy cleanupCerts: start
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/cloud.my.domain.com.cert notAfter=Dec 3 11:00:57 2021 GMT daysLeft=7.329767881944444
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Jul 15 16:25:07 2023 GMT daysLeft=596.5548835532408
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/my.domain.com.host.cert notAfter=Jul 15 16:28:39 2023 GMT daysLeft=596.557337199074
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/fp.my.domain.com.cert notAfter=Dec 2 23:01:02 2021 GMT daysLeft=6.8298255324074075
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/my.my.domain.com.cert notAfter=Dec 3 11:00:41 2021 GMT daysLeft=7.329582418981482
Nov 26 06:06:05 box:reverseproxy cleanupCerts: done
Nov 26 06:06:05 box:taskworker Task took 0.186 seconds
Nov 26 06:06:05 box:tasks setCompleted - 1453: {"result":null,"error":null}
Nov 26 06:06:05 box:tasks update 1453: {"percent":100,"result":null,"error":null}

When I click the button to renew certificate from the web - it does everything right, like it shall be and the logs are much much bigger.

P.S. please, ignore **my.my.**domain.com - it's an artifact of search & replace for an actual domain.

girish

@potemkin_ai The endpoint /api/v1/cloudron/renew_certs is correct and so is the POST data that you are sending it. I think the logs that you are showing is for some other task tough. What is the response of the POST request? This will give a task id and then you can go into /home/yellowtent/platformdata/logs/tasks/{taskid}.log

scooke

@girish If everything is correct they may have tried to do this during the most recent Let's Encrypt downtime. It lasted awhile.

potemkin_ai

@girish don't think it's for another task:

I'm checking the URL of the following format:
https://my.domain/logs.html?taskId=

where task id is what I'm getting in responce to the following query:

curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs

And when I open that log it says 'checkCerts'.

But, as I mentioned, the amount of tasks that are done with my POST query and what system is doing is really different and with my POST query nothing really happens.

/home/yellowtent/platformdata/logs/tasks/{taskid}.log is exactly what I saw via the web console and shared earlier.

It's quite a breaking change for me - any chance you can look at it?

potemkin_ai

@scooke thanks for the idea, but nope - I tried my script and cloudron button at the same time; POST request didn't even initiated certificates updates, as you can see in my logs earlier.

potemkin_ai

@girish , really need help here

girish

@potemkin_ai Looking back at the initial post, it seems that the query/curl is working fine. Cloudron will only renew the certs if they are expiring in a month. Calling /api/v1/cloudron/renew_certs does not mean that it will forcefully renew certs. It means "renew if needed". The logs are sparse because the certs were not expiring in a month, I am guessing, when you made the API call.

I can also confirm the 'checkCerts' in the log viewer is correct. Not sure where all this leaves us, does it answer your initial question?

girish

@potemkin_ai said in cloudron certs update API doesn't work:

--data '{"domain": "'$dns_host_name'"}'"

The above does not seem correct. There is an extra single quote around '$dns_host_name'. This will result in "domain": "'some.domain'". This will in turn make code filter by this domain name and the single quote will make it not renew anything. Maybe this is what you were hitting? You can actually just pass --data "{}" to try to renew everything. No need to pass any domain as such unless you want to restrict to a specific domain.

potemkin_ai

@girish thank you, the output is different now, so I hope that will work.

I took that API call from my forum request earlier, but I guess there was a misunderstanding the API call example was for the specific domain, not to update them all.

Thanks for your assistance!