Cloudron Forum

good question...I had yunohost before...they did recommend to install the CAA record. I think, that is the reason.

@userino you should also put that in /etc/sysctl.conf to make the setting persistent across reboots.

@matix131997 my understanding is that issuance from E1 requires whitelisting of your LE account - https://letsencrypt.org/certificates/ . This is why ISRG Root X2 is still limited availability.

@girish yeah, i did that.

@avatar1024 there is crash in cert renewal indeed. A fix is coming in 7.5.2

Nice. Thanks!

@hiramfromthechi thanks, I replied. Looks like MySQL is down.

@BrutalBirdie Even then, we are talking about Android 4.0 and Windows Vista ... Then again, I have heard stories of people using Windows XP still...

@Recliner2042 It needs to write to DNS . You can read more at https://letsencrypt.org/docs/challenge-types/ (dns-01).

This should be fixed in 7.3.6

https://securityheaders.com/

And some information about, who, why and how...
https://securityheaders.com/about/
https://securityheaders.com/faq/

@matix131997 said in Let's Encrypt Didn't seem to auto-renew:

GoDaddy,

Sounds like yet another reason to avoid GoDaddy like the plague 🤢

@AgentM which dns provider are you using? If you go to Domains -> Renew all certs, can you check the logs as to why it is it not getting the certs?

@nebulon
as said, there's no real problem right now, still I don't understand the behaviour and am curious.

you're talking about accessing the Cloudron through entering the IP (192.168.x.y) in the browser?

It's clear that this wouldn't work and this is not what I'm doing, it's a little more complicated:

the PC I'm accessing from, is in the same network segment than the cloudron (192.168.x.z). OpenVPN is active, the OpenVPN service is on a second cloudron outside in the internet still, when entering the URL (https://my.domain.*), the fritzbox page shows as soon as I connect the PC to a different network segment (192.168.y.z) everything works!

I don't understand why. Shouldn't the use of external VPN service make the internal source IP invisible?

@subven 🤦

wordwrap!!! the problem was staring me in the face! But I could not see it because i did not scroll to the right...

Thanks for the help!!!!

I took a cert and key file from another server, and renamed the default cert to be whatever the error wanted.
first thedomain.com.cert, then thedomain.com.key. and so-forth until it loaded. It is working now! .

@girish Great.

Yes, thanks for asking, it was a painful several hours during the wee hours of the night figuring out how to generate a set of new certs that would bring the UI back enough to regenerate them all.

I ended up using one of the 3rd party CLI tools for LE called getssl.

Thank you, the same happened with a browser that had never opened the site, I think I will continue checking.

@nebulon Sorry for the late reply, this topic has been resolved with your support. It was a misleading page. I will start a new thread on the backup issue. Please mark this as done or delete. All solved here. Thank you for your help.
https://forum.cloudron.io/topic/6895/the-site-is-deceptive/14?_=1661248303629

Nothing that mentioned the _ (wildcard) cert at least, which is part of why I'm stumped. I don't know what is creating it, or where to look.