Cloudron Forum

@hiramfromthechi thanks, I replied. Looks like MySQL is down.

@girish This worked like a charm. And everything is working as I wanted
And this script is going to change the web hosting industry. I think that it's one of the best scripts I've ever used in this industry. Thank you guys

This should be fixed in 7.3.6

@matix131997 said in Let's Encrypt Didn't seem to auto-renew:

GoDaddy,

Sounds like yet another reason to avoid GoDaddy like the plague 🤢

@AgentM which dns provider are you using? If you go to Domains -> Renew all certs, can you check the logs as to why it is it not getting the certs?

@girish That did the trick, I appreciate it.

@lcd_official thanks for the kind words 🙂

yeah, I am not sure what changed on Cloudflare side, but we had to do this on our servers as well.

@omen OK, I figured out how configure Fastly now...
Please configure it like below:

Enable TLS - Yes Verify Certificate - Yes Certificate hostname - In my case, it is wildcard. But since you use the 'manual' provider, the hostname is subdomain.example.com. SNI hostname - this is subdomain.example.com.

With the above settings, fastly serves up pages fine on http.

c787fbfb-57bb-4793-a100-3da1015ba6a5-image.png

One thing to remember is, because you are using "manual" DNS provider, Cloudron requires "http" callbacks for Let's Encrypt to work. I am not sure how this works in fastly, does it allow you to have some URLs that are not "cached" ? I guess one way is to call the Cloudron app subdomain as "website.domain.com" but the domain in fastly should be something else like "realwebsite.domain.com" (meaning, name it different). This way, manual setting on Cloudron can continue to use HTTP reliably to get certificates.

If you want the domain names to be same, you have to use one of the automated DNS providers in Cloudron.

@cdolson thanks for reporting. I have replied in the LE forum. Looks like we introduced a bug in our DO 1-click image. I am working on a fix. Apologies for the mails you have been getting!

@aziz So, certificate for *.devz.cloud is already there, so if you install apps on subdomain it will work. Cert for devz.cloud (it is not a subdomain, so we have to get a separate cert from the wildcard cert) is getting rate limited.

You can just wait for 2-3 days to install an app on the bare domain and that should work. You should be able to install apps in subdomains in the meantime.

@girish Oh sorry about that, I don't seem to have looked that closely for the topic so that I would have noticed it.

I already thought that it has to do with the Let's Encrypt exchange. Thanks for that.

My nextcloud has no error, only my banking app, but I would say it is the same reason and I must wait for an update.

@murgero I suspect the exception is coming from https://git.cloudron.io/cloudron/cloudron-cli/-/blob/master/src/actions.js#L255 . That function is called from https://git.cloudron.io/cloudron/cloudron-cli/-/blob/master/src/actions.js#L309 (you can see the error message in the line after). If you know some nodejs, maybe you can debug that to see why it thinks options is undefined.

@d19dotca I fixed this now. It cleans up certs which expired 6 months ago.

@girish
Many thanks.

My mistake, I was so convinced auto-update was running that I didn't notice.

After updating to latest Cloudron version, all problems have resolved 👍

Thanks again
T.

@mehdi
This my friend is a good point, thank you for pulling me out of the tunnel. lol

Those are sent from Let's Encrypt for information mostly. You can safely unsubscribe, as your Cloudron will also notify you if renewal does not work.

@privsec said in Let’s encrypt certificates expiring?:

Like can there be a memory within cloudron of all subdomains used and when it comes time to renew, just renew it on all of those subdomains?

That's the current behavior. It only renews domains that are in use in Cloudron. AFAIK, there is no way to tell Let's Encrypt to "forget a subdomain" that we had gotten a certificate before. This is the reason why you get the reminder emails from Let's Encrypt about old domains.