Certs won't renew - HELP

stevespaw

OK I have access to the GoDaddy account _ have deleted the TXT record and restarted - I keep seeing the TXT record change, buy I get errors that they don't match. This is now a big issue I need to solve, but I am not very knowledgeable on LetsEncrypt. Where do I go from here?

robi

If you set up a new sub domain, do the certs work ok?

If so, then you can move the app from its current sub/domain to another temporary one. Validate it all works. Then move it back for a fresh set of certs.

stevespaw

If you set up a new sub domain, do the certs work ok?

within GoDaddy or a new app in Cloudron?

BTW even the main "my.xyz.com" is also failing. Currently 4 apps installed in Cloudron.

robi

@stevespaw Cloudron.. as idk how you set up your DNS. Most folks here choose to have it automated by Cloudron.

For example, if you configure GoDaddy to use CloudFlare for DNS, then you can have Cloudron effortlessly auto manage DNS entries via Cloudflare integration.

stevespaw

Yes we have all of our Cloudrons DNS automated - We have quite a few paid instances. This one instance is failing the automated renewal. That is the issue.

robi

Ok, so it's Cloudron specific, have you tried rebooting for any updates that may be needed?

stevespaw

yes.. I tried that 2 days ago when this started happening.

robi

Ugh, then it might be best to migrate the domain and app to a working Cloudron for your customer until this system can be fixed up.

This is more of a @girish specialty and he's on vacay for a bit

stevespaw

Ouch this is bad news. We have custom apps that directly work with API's in these cloudron apps.

robi

@stevespaw they'll still work, just on a different cloudron, right?

Containers for a reason.

stevespaw

Yes it is possible to migrate to another Cloudron, but what's to say that the SSL will work on a different cloudron to the same domain that is having issues?

robi

@stevespaw testing.

nebulon

So we have looked into this and it appears that LetsEncrypt does not see the TXT records (reporting a NXDOMAN) for those when directly talking to the GoDaddy nameservers. We have set the DNS backend to manual to fallback to the HTTP acme flow. That way the certs were refreshed fine.

Lets see if other GoDaddy users also face this, or if this is just a hiccup for those associated nameservers.

girish

Unfortunately, we have lost the ability to test GoDaddy since they disabled API use for all customers having < 10 domains or something. See also https://www.reddit.com/r/godaddy/comments/1chs1j8/godaddy_access_denied_via_apicall/ . If anyone can reproduce this and can give us a test set up, happy to debug further.

scooke

Who uses gd????