Let's Encrypt Didn't seem to auto-renew
-
If anyone with this situation, can contact us on support@cloudron.io, I think we debug this further. I check around 20 servers we have access to but they seem to updating the certs just fine. Maybe some specific cert provider is having issues.
-
N nebulon referenced this topic on
-
I can confirm the issue. Certificate of other domains added to Cloudron aren't renewed. Primary domain seems to be renewed.
Some certs are due 4 days.
Good thing I had alerts enabled so I got notified.
Domain provider is Wildcard. Both domain.tld and *.domain.tld point to the cloudron (since last 1-2 years).
Renew all Certs shows "Configuring apps .. or something" and the progressbar disappears.
- "Show Logs" shows empty window.
- Download full logs -> 1 byte empty file
-
I can confirm the issue. Certificate of other domains added to Cloudron aren't renewed. Primary domain seems to be renewed.
Some certs are due 4 days.
Good thing I had alerts enabled so I got notified.
Domain provider is Wildcard. Both domain.tld and *.domain.tld point to the cloudron (since last 1-2 years).
Renew all Certs shows "Configuring apps .. or something" and the progressbar disappears.
- "Show Logs" shows empty window.
- Download full logs -> 1 byte empty file
-
@nj the logs thing is fixed in 7.3.5. Can you update and check?
But there is still the underlying problem of certs not renewing sometimes with 7.3.
Also having this issue for several domains on my cloudron.
Manually renewing all certs, restarting apps, deleting browser cookies, nothing is fixing it.
My cloudron is on Ubuntu 20
-
Wanted to update this thread. We found the issue, we will make a release with a fix (7.3.6) asap.
@girish Thank you! I just came to report the same issue and was delighted that already had been taking care of! Great work!
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
-
@girish I know updates are rolled out alphabetically but is it based on the installed subdomain (ex: rambo.domain.com) or the bare domain?
-
@girish I know updates are rolled out alphabetically but is it based on the installed subdomain (ex: rambo.domain.com) or the bare domain?
-
@humptydumpty iirc, it's on the primary domain i.e installed subdomain.
@girish that isn't very clear!
I think it's surely based on the domain name used for my.domain.tld, no?
i.e.
my.aaaaa.tld gets updated before
my.bbbbb.tld
....
my.zzzzz.tldThat's been my experience anyway.
-
@girish that isn't very clear!
I think it's surely based on the domain name used for my.domain.tld, no?
i.e.
my.aaaaa.tld gets updated before
my.bbbbb.tld
....
my.zzzzz.tldThat's been my experience anyway.
-
@jdaviescoates yes, that's the primary domain in cloudron terminology
@girish I've still got problems after updating.
I'm assuming a manual certificate is my only option from here
-
@girish I've still got problems after updating.
I'm assuming a manual certificate is my only option from here
-
Hello,
I also report a problem with the certificate having on the domain yyy.xxx.tld
I noticed that the problem is common in many browsers - Firefox, Chrome, Brave and Vivaldi on the computer - the error pops up, and on Edge there is no error. On mobile devices - there is an error on all browsers.Feb 03 10:18:41 box:tasks update 15: {"percent":51,"message":"Ensuring certs of my.yyy.xxx.tld"} Feb 03 10:18:41 box:reverseproxy providerMatchesSync: subject=CN = *.yyy.xxx.tld domain=*.yyy.xxx.tld issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963 Feb 03 10:18:41 box:reverseproxy needsRenewal: false. force: false Feb 03 10:18:41 box:reverseproxy ensureCertificate: my.yyy.xxx.tld acme cert exists and is up to date
-
Hello,
I also report a problem with the certificate having on the domain yyy.xxx.tld
I noticed that the problem is common in many browsers - Firefox, Chrome, Brave and Vivaldi on the computer - the error pops up, and on Edge there is no error. On mobile devices - there is an error on all browsers.Feb 03 10:18:41 box:tasks update 15: {"percent":51,"message":"Ensuring certs of my.yyy.xxx.tld"} Feb 03 10:18:41 box:reverseproxy providerMatchesSync: subject=CN = *.yyy.xxx.tld domain=*.yyy.xxx.tld issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963 Feb 03 10:18:41 box:reverseproxy needsRenewal: false. force: false Feb 03 10:18:41 box:reverseproxy ensureCertificate: my.yyy.xxx.tld acme cert exists and is up to date
-
@matix131997 have you tried domains -> renew all certs already?
@girish Yes
-
@girish Yes
@matix131997 per the logs atleast, the certs are fine (from yesterday)
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Have you tried clearing the browser cache? If you like, you can also send us the domain to support@cloudron.io and we can check on our end.
-
@matix131997 per the logs atleast, the certs are fine (from yesterday)
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Have you tried clearing the browser cache? If you like, you can also send us the domain to support@cloudron.io and we can check on our end.
@girish Yes these are the certificates issued yesterday, because I put the server back up last night to move the applications from the old server. It was fine with the certificate until this morning. At work, the certificate started failing. I did a certificate refresh several times, cleared the browser and tests on several office devices and the error continues to appear.
EDIT: Now I reinstalled Cloudron but with manual settings for the domain with a Polish provider and it works fine so far. The certificate generates and displays without error. We will see in a few hours.
-
@matix131997 per the logs atleast, the certs are fine (from yesterday)
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Have you tried clearing the browser cache? If you like, you can also send us the domain to support@cloudron.io and we can check on our end.
@girish
I seem to have found the cause. It is probably related to the API of the domain providers. I did a test with 3 providers.Hetzner DNS - no problem
GoDaddy - problem
Manual (domeny.tv) - no problemEDIT: Sorry for the edit.
One more test I did I used the domain that is in GoDaddy, having my.yyy.xxx-xxx.tld for manual settings. An error appears with the certificate! I have a feeling it's a problem with GoDaddy DNS or by the "-" in the domain.
-
@girish
I seem to have found the cause. It is probably related to the API of the domain providers. I did a test with 3 providers.Hetzner DNS - no problem
GoDaddy - problem
Manual (domeny.tv) - no problemEDIT: Sorry for the edit.
One more test I did I used the domain that is in GoDaddy, having my.yyy.xxx-xxx.tld for manual settings. An error appears with the certificate! I have a feeling it's a problem with GoDaddy DNS or by the "-" in the domain.
@matix131997 said in Let's Encrypt Didn't seem to auto-renew:
GoDaddy,
Sounds like yet another reason to avoid GoDaddy like the plague