Cert renewing failing
-
Hi there,
I'm using cloudron 7.4.3 and I cannot renew my certs.
I'm using digitalocean. Given the logs, the issue does not seem to come from the API connection.
What's weird is this line, given that the challenges are actually matching.
Feb 23 16:02:27 box:dns/waitfordns isChangeSynced: _acme-challenge.domain.fun (TXT) was resolved to "JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY" at NS ns2.digitalocean.com (173.245.59.41). Expecting JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY. Match false
I get this:
Feb 23 16:02:26 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY
Feb 23 16:02:26 box:dns upsertDNSRecord: location _acme-challenge on domain domain.fun of type TXT with values ["\"JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY\""]
Feb 23 16:02:26 box:dns/digitalocean upsert: _acme-challenge for zone domain.fun of type TXT with values ["\"JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY\""]
Feb 23 16:02:26 box:dns/digitalocean getInternal: getting dns records of domain.fun with _acme-challenge and type TXT
Feb 23 16:02:26 box:dns/digitalocean upsert: completed with recordIds:[null]
Feb 23 16:02:26 box:dns/waitfordns waitForDns: waiting for _acme-challenge.domain.fun to be JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY in zone domain.fun
Feb 23 16:02:27 box:dns/waitfordns waitForDns: nameservers are ["ns2.digitalocean.com","ns3.digitalocean.com","ns1.digitalocean.com"]
Feb 23 16:02:27 box:dns/waitfordns isChangeSynced: _acme-challenge.domain.fun (TXT) was resolved to "JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY" at NS ns2.digitalocean.com (173.245.59.41). Expecting JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY. Match false
Feb 23 16:02:27 box:dns/waitfordns waitForDns: _acme-challenge.domain.fun at ns ns2.digitalocean.com: not done
Feb 23 16:02:27 box:dns/waitfordns Attempt 1 failed. Will retry: ETRYAGAIN
[later attempts fail the same way]
Any ideas?
-
-
https://git.cloudron.io/cloudron/box/-/commit/0dfadc59228978f82ae3aa2ba4be2b421e785e02 was the fix. You can always apply it locally in /home/yellowtent/box/src/dns/digitalocean.js. Then systemctl restart box and renew all certs.
-
Thanks! I was able to renew certs. I'm backing up stuff and will be updating afterwards. It's a cloudron instance that pertains to my former team, but I'm the only one that has the technical knowledge to do admin stuff. You can guess how well that works
I have another instance (with a subscription) that runs very smoothly. -
-
-
@girish said in Cert renewing failing:
Any reason why you are still on an old version?
because the Cloudron auto-update stopped at this version for some reason. I assume there is a bug somewhere because this is the exact same Cloudron version I am on with the same cert issue.
Edit: I performed the change manually for the digitalocean.js TXT and the cert renewed successfully. Still on 7.4.3 though. I will test that update soon.
Edit 2: every time I try to update inside of the my.cloudron-domain.tld it fails but I do not get any errors. It just shows the "Update Available" button in an endless loop of never updating. Could it be because of the version of Ubuntu it is running on?
-
-
Hello!!
I have the same problem, but the certificate is still not updated... although the DNS entry in DigitalOcean is already written without quotation marks.
My logs:
Aug 30 21:33:12 box:dns upsertDNSRecord: location _acme-challenge on domain domain.my of type TXT with values ["\"3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk\""]
Aug 30 21:33:12 box:dns/digitalocean upsert: _acme-challenge for zone domain.my of type TXT with values ["\"3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk\""]
Aug 30 21:33:12 box:dns/digitalocean getInternal: getting dns records of domain.my with _acme-challenge and type TXT
Aug 30 21:33:13 box:dns/digitalocean getInternal: null []
Aug 30 21:33:13 box:dns/digitalocean upsert: completed with recordIds:[1750905219]
Aug 30 21:33:13 box:dns/waitfordns waitForDns: hostname _acme-challenge.domain.my to be 3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk in zone domain.my.
-
See https://forum.cloudron.io/topic/11171/cert-renewing-failing/3. You have to apply the patch manually. However, I have to tell you that neither Cloudron 7.0.4 nor Ubuntu 16 are supported by now. These are very old software versions. I think Cloudron 7.04 was released almost 3 years ago.
-
-
@netrocket strange, that is exactly what that line fixes. We have applied that patch to many servers by hand and it should work. Maybe you can write to us at support@cloudron.io?
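An added example, not part of the thread and not Cloudron's code: a small check that tells a TXT record carrying the token wrapped in literal double quotes apart from a stale or missing record. It assumes the "Match false" in the logs above comes from the quotes visible around the resolved value; the nameserver names and sample answers are constructed, and the input shape mirrors what Node's dns.resolveTxt() returns.

```javascript
// Added example, not Cloudron code. Each nameserver answer is a list of TXT
// records, and each record is a list of string chunks (dns.resolveTxt() shape).

// Join the chunks of one TXT record into its full value.
function joinChunks(record) {
  return Array.isArray(record) ? record.join('') : String(record);
}

// Strip exactly one pair of surrounding double quotes, if present.
function stripQuotes(value) {
  return value.length >= 2 && value.startsWith('"') && value.endsWith('"')
    ? value.slice(1, -1)
    : value;
}

// Classify the TXT answers from one nameserver against the expected token.
//   'match'    - a record equals the token exactly
//   'quoted'   - a record equals the token only after removing literal quotes
//   'mismatch' - records exist but none carry the token (stale or wrong value)
//   'missing'  - no TXT records were returned
function classifyTxt(records, expected) {
  if (!records || records.length === 0) return 'missing';
  const values = records.map(joinChunks);
  if (values.includes(expected)) return 'match';
  if (values.some((v) => stripQuotes(v) === expected)) return 'quoted';
  return 'mismatch';
}

// Token taken from the logs above; nameservers and answers are constructed.
const TOKEN = 'JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY';
const SAMPLE = {
  'ns1.example': [[TOKEN]],
  'ns2.example': [['"' + TOKEN + '"']],            // quotes stored as data
  'ns3.example': [['token-from-an-earlier-attempt']],
  'ns4.example': [],
  'ns5.example': [[TOKEN.slice(0, 20), TOKEN.slice(20)]], // split into chunks
};

// Build a per-nameserver verdict map.
function report(sample, expected) {
  const out = {};
  for (const [ns, records] of Object.entries(sample)) {
    out[ns] = classifyTxt(records, expected);
  }
  return out;
}

console.log(report(SAMPLE, TOKEN));
```

A 'quoted' verdict on every authoritative nameserver points at how the record was written, while 'mismatch' or 'missing' points at propagation or a failed upsert.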