Cloudron Forum

Thanks for sharing that and glad it worked out in the end.

Disabling Cloudflare seemed to work. Thanks.

So wildcard is only for subdomains of a domain. The domain.com record is not covered by wildcard.
But yes the instructions probably sound like both *.domain.com and domain.com are in fact managed by Coudron, but all I can tell you that unless an app is using a domain, the certs will not be renewed. Maybe we can be smarter about this in the future, but to solve your problem this is what is required.

Note a redirect to an existing app will also work.

@msbt yes, exactly. It will also get into error state only after some time (because it will retry a lot)...

@girish Thank you, Cloudron team, once again for the great work. After updating Cloudron, the problem is resolved. Thank you very much.

@girish Confirming that the issue was unrelated. It was very helpful to be able to manually refresh certificates and then view the log files. Thanks!

@dreamingofadmin I think first step is to get access to your dashboard.

In Cloudflare, do you have an entry for my.domain.com to your server IP (DNS A record) ? If not, add this manually. Wait a bit. Access https://my.domain.com . If it's asking to accept self signed certs, accept them. Once in dashboard, Domains -> Sync DNS . This will add all the DNS entries. Then, Domains -> Renew all certs.

Please let us know what is failing and where.

@girish Thanks! I hadn't thought of checking the certificate in the browser - yes, all is good.

@THI_Staff it's not too uncommon an oversight. I made an internal note for dev. Maybe we can notify Cloudron admins if the Domain API keys are not working anymore. We do this check when adding the domain, but maybe we can do this check periodically. This will also catch API key change etc.

@luckow yes. See this comment - https://forum.cloudron.io/post/83868

https://git.cloudron.io/cloudron/box/-/commit/0dfadc59228978f82ae3aa2ba4be2b421e785e02 was the fix . You can always apply it locally in /home/yellowtent/box/src/dns/digitalocean.js . Then, systemctl restart box and renew all certs.

@girish said in Cert renewing failing:

@visuex are you the same as @cpa ?

Nope, not me!

@girish said in Add notification for Certificate errors:

@andreasdueren sorry, I meant if your Cloudron is able to send outbound email. Does sending a test email work - https://docs.cloudron.io/email/#send-test-email

Yea works no problem

good question...I had yunohost before...they did recommend to install the CAA record. I think, that is the reason.

@userino you should also put that in /etc/sysctl.conf to make the setting persistent across reboots.

@matix131997 my understanding is that issuance from E1 requires whitelisting of your LE account - https://letsencrypt.org/certificates/ . This is why ISRG Root X2 is still limited availability.

@girish yeah, i did that.

@avatar1024 there is crash in cert renewal indeed. A fix is coming in 7.5.2

Nice. Thanks!

@hiramfromthechi thanks, I replied. Looks like MySQL is down.

@BrutalBirdie Even then, we are talking about Android 4.0 and Windows Vista ... Then again, I have heard stories of people using Windows XP still...