
Cert renewing failing

      cpa
      wrote on last edited by girish
      #1

      Hi there,

      I'm using cloudron 7.4.3 and I cannot renew my certs.

      I'm using digitalocean. Given the logs, the issue does not seem to come from the API connection.

      What's weird is this line, given that the challenges are actually matching.
      Feb 23 16:02:27 box:dns/waitfordns isChangeSynced: _acme-challenge.domain.fun (TXT) was resolved to "JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY" at NS ns2.digitalocean.com (173.245.59.41). Expecting JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY. Match false

      I get this:

      Feb 23 16:02:26 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY
      Feb 23 16:02:26 box:dns upsertDNSRecord: location _acme-challenge on domain domain.fun of type TXT with values ["\"JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY\""]
      Feb 23 16:02:26 box:dns/digitalocean upsert: _acme-challenge for zone domain.fun of type TXT with values ["\"JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY\""]
      Feb 23 16:02:26 box:dns/digitalocean getInternal: getting dns records of domain.fun with _acme-challenge and type TXT
      Feb 23 16:02:26 box:dns/digitalocean upsert: completed with recordIds:[null]
      Feb 23 16:02:26 box:dns/waitfordns waitForDns: waiting for _acme-challenge.domain.fun to be JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY in zone domain.fun
      Feb 23 16:02:27 box:dns/waitfordns waitForDns: nameservers are ["ns2.digitalocean.com","ns3.digitalocean.com","ns1.digitalocean.com"]
      Feb 23 16:02:27 box:dns/waitfordns isChangeSynced: _acme-challenge.domain.fun (TXT) was resolved to "JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY" at NS ns2.digitalocean.com (173.245.59.41). Expecting JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY. Match false
      Feb 23 16:02:27 box:dns/waitfordns waitForDns: _acme-challenge.domain.fun at ns ns2.digitalocean.com: not done
      Feb 23 16:02:27 box:dns/waitfordns Attempt 1 failed. Will retry: ETRYAGAIN
      [later attempts fail the same way]
      

      Any ideas?

        girish
        Staff
        wrote on last edited by
        #2

        @cpa the issue is already fixed in 7.6. Any reason why you are still on an old version?

          girish
          Staff
          wrote on last edited by
          #3

          https://git.cloudron.io/cloudron/box/-/commit/0dfadc59228978f82ae3aa2ba4be2b421e785e02 was the fix. You can always apply it locally in /home/yellowtent/box/src/dns/digitalocean.js. Then systemctl restart box and renew all certs.
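
The "Match false" line in the first post prints the resolved TXT value wrapped in double quotes and the expected value bare. The following is an added example (not Cloudron's code and not part of any post) that sorts isChangeSynced log lines into quoting-only mismatches and genuinely different values; the field layout in the regex is inferred from the quoted log line, and the third sample line is constructed.

```javascript
// Added example: triage of Cloudron waitfordns "isChangeSynced" log lines.
// Lines 1 and 2 of SAMPLE_LOG are copied from the first post; line 3 is constructed.
const SAMPLE_LOG = [
  'Feb 23 16:02:27 box:dns/waitfordns isChangeSynced: _acme-challenge.domain.fun (TXT) was resolved to "JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY" at NS ns2.digitalocean.com (173.245.59.41). Expecting JD5vLWoK0g0EkM5_OJV51UHXDzUUJFbpwIxVCfxWQQY. Match false',
  'Feb 23 16:02:27 box:dns/waitfordns Attempt 1 failed. Will retry: ETRYAGAIN',
  'Feb 23 16:05:00 box:dns/waitfordns isChangeSynced: _acme-challenge.example.test (TXT) was resolved to tokenFromAnOlderOrder at NS ns1.example.test (192.0.2.53). Expecting tokenForThisOrder. Match false',
];

// Field layout is inferred from the log line quoted in the thread (an assumption).
const LINE_RE = /isChangeSynced: (\S+) \((\w+)\) was resolved to (.*?) at NS (\S+) \([^)]*\)\. Expecting (.*)\. Match (true|false)$/;

// Remove enclosing double-quote layers so a literal "token" compares equal to token.
function unquoteTxt(value) {
  let v = value.trim();
  while (v.length >= 2 && v.startsWith('"') && v.endsWith('"')) v = v.slice(1, -1);
  return v;
}

// Returns null for lines that are not isChangeSynced records.
function classifyLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, name, type, resolved, ns, expected, flag] = m;
  let verdict;
  if (flag === 'true') verdict = 'synced';
  else if (unquoteTxt(resolved) === unquoteTxt(expected)) verdict = 'quoting-only';
  else verdict = 'value-differs';
  return { name, type, ns, resolved, expected, verdict };
}

// Keep only the lines that parsed as isChangeSynced records.
function triage(lines) {
  return lines.map(classifyLine).filter((r) => r !== null);
}

for (const r of triage(SAMPLE_LOG)) {
  console.log(`${r.verdict.padEnd(14)} ${r.name} @ ${r.ns}`);
}
```

A quoting-only verdict means the record is present at the authoritative nameserver and only its representation differs from what is compared, so waiting for propagation does not change the result.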

            cpa
            wrote on last edited by
            #4

            Thanks! I was able to renew certs. I'm backing up stuff and will be updating afterwards. It's a cloudron instance that pertains to my former team, but I'm the only one that has the technical knowledge to do admin stuff. You can guess how well that works 🙂
            I have another instance (with a subscription) that runs very smoothly.

              visuex
              wrote on last edited by visuex
              #5

              @girish said in Cert renewing failing:

              Any reason why you are still on an old version?

              because the Cloudron auto-update stopped at this version for some reason. I assume there is a bug somewhere because this is the exact same Cloudron version I am on with the same cert issue.

              Edit: I performed the change manually for the digitalocean.js TXT and the cert renewed successfully. Still on 7.4.3 though. I will test that update soon.

              Edit 2: every time I try to update inside of the my.cloudron-domain.tld it fails but I do not get any errors. It just shows the "Update Available" button in an endless loop of never updating. Could it be because of the version of Ubuntu it is running on?

                girish
                Staff
                wrote on last edited by girish
                #6

                @visuex are you the same as @cpa ? What is the context of this comment? The original thread was about certs not renewing but in your comment you said it's renewing just fine. Can you open a new thread please if you have some problem?

                  netrocket
                  wrote on last edited by
                  #7

                  Hello!!

                  I have the same problem, but the certificate is still not updated... Although the DNS entry in DigitalOcean is already written without quotation marks.

                  My logs:

                  Aug 30 21:33:12 box:dns upsertDNSRecord: location _acme-challenge on domain domain.my of type TXT with values ["\"3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk\""]
                  Aug 30 21:33:12 box:dns/digitalocean upsert: _acme-challenge for zone domain.my of type TXT with values ["\"3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk\""]
                  Aug 30 21:33:12 box:dns/digitalocean getInternal: getting dns records of domain.my with _acme-challenge and type TXT
                  Aug 30 21:33:13 box:dns/digitalocean getInternal: null []
                  Aug 30 21:33:13 box:dns/digitalocean upsert: completed with recordIds:[1750905219]
                  Aug 30 21:33:13 box:dns/waitfordns waitForDns: hostname _acme-challenge.domain.my to be 3hB9LTo81PLLIPQCwgC-rt14NcD-pIOLLYIVyZznfuk in zone domain.my.
                  
                    joseph
                    Staff
                    wrote on last edited by
                    #8

                    @netrocket which version of Cloudron are you on? This bug is long fixed

                      netrocket
                      wrote on last edited by
                      #9

                      @joseph v7.0.4 (Ubuntu 16.04.7 LTS) and we can't update Ubuntu (

                        nebulon
                        Staff
                        wrote on last edited by
                        #10

                        Oh, that is indeed quite old, and 16.04 does not even receive security updates anymore. What is the reason that you cannot upgrade Ubuntu itself?

                          joseph
                          Staff
                          wrote on last edited by
                          #11

                          See https://forum.cloudron.io/topic/11171/cert-renewing-failing/3 . You have to apply patch manually. However, I have to tell you that neither Cloudron 7.0.4 nor Ubuntu 16 are supported by now. These are very old software versions. I think Cloudron 7.04 was released almost 3 years ago.

                            netrocket
                            wrote on last edited by netrocket
                            #12

                            @joseph I changed the code in the digitalocean.js file, but the error stays. It turns out that the DNS record is being created without quotes, but the validation is still being done with quotes.

                              joseph
                              Staff
                              wrote on last edited by
                              #13

                              @netrocket strange, that is exactly what that line fixes. We have applied that patch to many servers by hand and it should work. Maybe you can write to us at support@cloudron.io ?

                                netrocket
                                wrote on last edited by netrocket
                                #14

                                I updated server to Ubuntu 18.04.
                                I'll try to do everything right )

                                Thanks for your help
                                if there are any questions - I will write to you

                                  cpa
                                  wrote on last edited by
                                  #15

                                  @girish said in Cert renewing failing:

                                  @visuex are you the same as @cpa ?

                                  Nope, not me!
