Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Let's Encrypt renew fail

Let's Encrypt renew fail

Scheduled Pinned Locked Moved Solved Support
letsencryptporkbun
4 Posts 2 Posters 72 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T Offline
    T Offline
    therealwebmaster
    wrote last edited by girish
    #1

    All let's Encrypt certificate were working for several month. For 2 domains.

    I didnt know why they stopped auto renew but I got an email for expiry. First email was sent on october 9th. So I came in cloudron today to manual renew.

    Saw this in the logs :

    504953ea-b164-4423-9e47-2b88b4a14667-image.png

    So I hitted the Renew all cert button. I then got this errors in full log (where I replaced the domain name for fake ones).

    Any idea what's wrong?

    2024-10-30T19:09:17.196Z box:taskworker Starting task 2871. Logs are at /home/yellowtent/platformdata/logs/tasks/2871.log
2024-10-30T19:09:17.308Z box:tasks update 2871: {"percent":34,"message":"Ensuring certs of my.first-domain-to-renew.com"}
2024-10-30T19:09:17.354Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
2024-10-30T19:09:17.416Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
2024-10-30T19:09:17.415Z box:reverseproxy providerMatches: subject=CN = *.first-domain-to-renew.com domain=*.first-domain-to-renew.com issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-10-30T19:09:17.437Z box:reverseproxy expiryDate: subject=CN = *.first-domain-to-renew.com notBefore=Aug 14 06:12:10 2024 GMT notAfter=Nov 12 06:12:09 2024 GMT daysLeft=12.460319016203703
2024-10-30T19:09:17.438Z box:reverseproxy needsRenewal: true. force: false
2024-10-30T19:09:17.438Z box:reverseproxy ensureCertificate: my.first-domain-to-renew.com acme cert exists but provider mismatch or needs renewal
2024-10-30T19:09:17.438Z box:reverseproxy ensureCertificate: my.first-domain-to-renew.com needs acme cert
2024-10-30T19:09:17.444Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
2024-10-30T19:09:17.446Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
2024-10-30T19:09:17.446Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:09:17.611Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:09:37.637Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:09:57.674Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:09:57.682Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
2024-10-30T19:09:57.683Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
2024-10-30T19:09:57.683Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:09:57.688Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:10:17.716Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:10:37.749Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:10:37.751Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
2024-10-30T19:10:37.752Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
2024-10-30T19:10:37.752Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:10:37.760Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:10:57.788Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:17.821Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:17.835Z box:tasks update 2871: {"percent":67,"message":"Ensuring certs of second-domain-to-renew"}
2024-10-30T19:11:17.847Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
2024-10-30T19:11:17.868Z box:reverseproxy providerMatches: subject=CN = second-domain-to-renew domain=second-domain-to-renew issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=false/false prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-10-30T19:11:17.868Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
2024-10-30T19:11:17.880Z box:reverseproxy expiryDate: subject=CN = second-domain-to-renew notBefore=Jul 31 06:10:28 2024 GMT notAfter=Oct 29 06:10:27 2024 GMT daysLeft=-1.5422555555555555
2024-10-30T19:11:17.880Z box:reverseproxy needsRenewal: true. force: false
2024-10-30T19:11:17.880Z box:reverseproxy ensureCertificate: second-domain-to-renew acme cert exists but provider mismatch or needs renewal
2024-10-30T19:11:17.880Z box:reverseproxy ensureCertificate: second-domain-to-renew needs acme cert
2024-10-30T19:11:17.888Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:11:17.888Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
2024-10-30T19:11:17.888Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:11:17.894Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:37.927Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:57.957Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:57.958Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:11:57.958Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
2024-10-30T19:11:57.958Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:11:57.964Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:12:17.993Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:12:38.023Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:12:38.024Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:12:38.025Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
2024-10-30T19:12:38.025Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:12:38.029Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:12:58.065Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:18.097Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:18.105Z box:tasks update 2871: {"percent":100,"message":"Ensuring certs of www.second-domain-to-renew"}
2024-10-30T19:13:18.124Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
2024-10-30T19:13:18.154Z box:reverseproxy providerMatches: subject=CN = www.second-domain-to-renew domain=www.second-domain-to-renew issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=false/false prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-10-30T19:13:18.155Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
2024-10-30T19:13:18.169Z box:reverseproxy expiryDate: subject=CN = www.second-domain-to-renew notBefore=Aug 14 06:12:34 2024 GMT notAfter=Nov 12 06:12:33 2024 GMT daysLeft=12.457810543981482
2024-10-30T19:13:18.169Z box:reverseproxy needsRenewal: true. force: false
2024-10-30T19:13:18.169Z box:reverseproxy ensureCertificate: www.second-domain-to-renew acme cert exists but provider mismatch or needs renewal
2024-10-30T19:13:18.169Z box:reverseproxy ensureCertificate: www.second-domain-to-renew needs acme cert
2024-10-30T19:13:18.174Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:13:18.174Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
2024-10-30T19:13:18.174Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:13:18.181Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:38.221Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:58.259Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:58.262Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:13:58.263Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
2024-10-30T19:13:58.263Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:13:58.269Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:14:18.304Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:14:38.327Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:14:38.328Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
2024-10-30T19:14:38.329Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
2024-10-30T19:14:38.329Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
2024-10-30T19:14:38.333Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:14:58.362Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:15:18.391Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:15:18.401Z box:tasks update 2871: {"message":"Rebuilding app configs"}
2024-10-30T19:15:18.433Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert","-noout","-ocsp_uri"]
2024-10-30T19:15:18.472Z box:reverseproxy writeAppLocationNginxConfig: writing config for "second-domain-to-renew" to /home/yellowtent/platformdata/nginx/applications/e71590ab-cf2c-43de-9160-61d78d11dde1/second-domain-to-renew.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"second-domain-to-renew","hasIPv6":true,"ip":"172.18.17.116","port":80,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e71590ab-cf2c-43de-9160-61d78d11dde1","location":"/"},"upstreamUri":"","ocsp":true,"hstsPreload":false}
2024-10-30T19:15:18.484Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert","-noout","-ocsp_uri"]
2024-10-30T19:15:18.509Z box:reverseproxy writeAppLocationNginxConfig: writing config for "www.second-domain-to-renew" to /home/yellowtent/platformdata/nginx/applications/e71590ab-cf2c-43de-9160-61d78d11dde1/www.second-domain-to-renew.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"www.second-domain-to-renew","hasIPv6":true,"ip":null,"port":null,"endpoint":"redirect","redirectTo":"second-domain-to-renew","certFilePath":"/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e71590ab-cf2c-43de-9160-61d78d11dde1","location":"/"},"upstreamUri":"","ocsp":true,"hstsPreload":false}
2024-10-30T19:15:18.510Z box:shell reload /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert"
2024-10-30T19:15:18.618Z box:reverseproxy writeDashboardConfig: writing dashboard config for first-domain-to-renew.com
2024-10-30T19:15:18.634Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert","-noout","-ocsp_uri"]
2024-10-30T19:15:18.651Z box:shell reload /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert"
2024-10-30T19:15:18.789Z box:mailserver checkCertificate: certificate has not changed
2024-10-30T19:15:18.789Z box:shell notifyCertChange /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh box
2024-10-30T19:15:18.964Z box:tasks update 2871: {"message":"Checking expired certs for removal"}
2024-10-30T19:15:18.979Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
2024-10-30T19:15:18.998Z box:reverseproxy expiryDate: subject=CN = first-domain-to-renew.com notBefore=Mar  1 06:10:36 2024 GMT notAfter=May 30 06:10:35 2024 GMT daysLeft=-153.54495368055555
2024-10-30T19:15:18.998Z box:reverseproxy cleanupCerts: done
2024-10-30T19:15:18.999Z box:taskworker Task took 361.937 seconds
2024-10-30T19:15:18.999Z box:tasks setCompleted - 2871: {"result":null,"error":null}
2024-10-30T19:15:19.000Z box:tasks update 2871: {"percent":100,"result":null,"error":null}
    1 Reply Last reply
    0
    • T Offline
      T Offline
      therealwebmaster
      wrote last edited by
      #2

      Update:
      second-domain-to-renew is configured with namecheap, wildcard config in cloudron. I also got this when i try to change the certificate type for it :

      image.png
      And my Namcheap configs look like this.

      image.png

      Something must have changed in Cloudron. Since certificate was obtained with Cloudront / Lets enscrypt and was working fine before.

      1 Reply Last reply
      0
      • T therealwebmaster referenced this topic
      • T Offline
        T Offline
        therealwebmaster
        wrote last edited by
        #3

        I now think it's all related to my main domain, which is with Porkbun, but can't sync with Porkbun because Cloudron is not using their new API.

        https://forum.cloudron.io/topic/12634/porkbun-critical-api-hostname-update-to-do-in-cloudron/4

        1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish Staff
          wrote last edited by
          #4

          The porkbun issue is fixed in 8.1

          1 Reply Last reply
          0
          • girishG girish marked this topic as a question
          • girishG girish has marked this topic as solved

          • Login
          • Don't have an account? Register
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search