Let's Encrypt renew fail

    therealwebmaster
    wrote on last edited by girish
    #1

    All Let's Encrypt certificates were working for several months, for 2 domains.

    I didn't know why they stopped auto-renewing, but I got an email for expiry. The first email was sent on October 9th. So I came into Cloudron today to manually renew.

    Saw this in the logs:

    504953ea-b164-4423-9e47-2b88b4a14667-image.png

    So I hit the Renew all cert button. I then got these errors in the full log (where I replaced the domain names with fake ones).

    Any idea what's wrong?

    2024-10-30T19:09:17.196Z box:taskworker Starting task 2871. Logs are at /home/yellowtent/platformdata/logs/tasks/2871.log
    2024-10-30T19:09:17.308Z box:tasks update 2871: {"percent":34,"message":"Ensuring certs of my.first-domain-to-renew.com"}
    2024-10-30T19:09:17.354Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
    2024-10-30T19:09:17.416Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
    2024-10-30T19:09:17.415Z box:reverseproxy providerMatches: subject=CN = *.first-domain-to-renew.com domain=*.first-domain-to-renew.com issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
    2024-10-30T19:09:17.437Z box:reverseproxy expiryDate: subject=CN = *.first-domain-to-renew.com notBefore=Aug 14 06:12:10 2024 GMT notAfter=Nov 12 06:12:09 2024 GMT daysLeft=12.460319016203703
    2024-10-30T19:09:17.438Z box:reverseproxy needsRenewal: true. force: false
    2024-10-30T19:09:17.438Z box:reverseproxy ensureCertificate: my.first-domain-to-renew.com acme cert exists but provider mismatch or needs renewal
    2024-10-30T19:09:17.438Z box:reverseproxy ensureCertificate: my.first-domain-to-renew.com needs acme cert
    2024-10-30T19:09:17.444Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
    2024-10-30T19:09:17.446Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
    2024-10-30T19:09:17.446Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:09:17.611Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:09:37.637Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:09:57.674Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:09:57.682Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
    2024-10-30T19:09:57.683Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
    2024-10-30T19:09:57.683Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:09:57.688Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:10:17.716Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:10:37.749Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:10:37.751Z box:cert/acme2 getCertificate: for fqdn my.first-domain-to-renew.com and domain first-domain-to-renew.com
    2024-10-30T19:10:37.752Z box:cert/acme2 Acme2: will get cert for fqdn: my.first-domain-to-renew.com cn: *.first-domain-to-renew.com certName: _.first-domain-to-renew.com wildcard: true http: false
    2024-10-30T19:10:37.752Z box:cert/acme2 getCertificate: start acme flow for *.first-domain-to-renew.com from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:10:37.760Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:10:57.788Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:11:17.821Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:11:17.835Z box:tasks update 2871: {"percent":67,"message":"Ensuring certs of second-domain-to-renew"}
    2024-10-30T19:11:17.847Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
    2024-10-30T19:11:17.868Z box:reverseproxy providerMatches: subject=CN = second-domain-to-renew domain=second-domain-to-renew issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=false/false prod=true/true issuerMismatch=false wildcardMismatch=false match=true
    2024-10-30T19:11:17.868Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
    2024-10-30T19:11:17.880Z box:reverseproxy expiryDate: subject=CN = second-domain-to-renew notBefore=Jul 31 06:10:28 2024 GMT notAfter=Oct 29 06:10:27 2024 GMT daysLeft=-1.5422555555555555
    2024-10-30T19:11:17.880Z box:reverseproxy needsRenewal: true. force: false
    2024-10-30T19:11:17.880Z box:reverseproxy ensureCertificate: second-domain-to-renew acme cert exists but provider mismatch or needs renewal
    2024-10-30T19:11:17.880Z box:reverseproxy ensureCertificate: second-domain-to-renew needs acme cert
    2024-10-30T19:11:17.888Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:11:17.888Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
    2024-10-30T19:11:17.888Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:11:17.894Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:11:37.927Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:11:57.957Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:11:57.958Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:11:57.958Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
    2024-10-30T19:11:57.958Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:11:57.964Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:12:17.993Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:12:38.023Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:12:38.024Z box:cert/acme2 getCertificate: for fqdn second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:12:38.025Z box:cert/acme2 Acme2: will get cert for fqdn: second-domain-to-renew cn: second-domain-to-renew certName: second-domain-to-renew wildcard: false http: true
    2024-10-30T19:12:38.025Z box:cert/acme2 getCertificate: start acme flow for second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:12:38.029Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:12:58.065Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:13:18.097Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:13:18.105Z box:tasks update 2871: {"percent":100,"message":"Ensuring certs of www.second-domain-to-renew"}
    2024-10-30T19:13:18.124Z box:shell providerMatches execArgs: openssl ["x509","-noout","-subject","-issuer"]
    2024-10-30T19:13:18.154Z box:reverseproxy providerMatches: subject=CN = www.second-domain-to-renew domain=www.second-domain-to-renew issuer=C = US, O = Let's Encrypt, CN = E6 wildcard=false/false prod=true/true issuerMismatch=false wildcardMismatch=false match=true
    2024-10-30T19:13:18.155Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
    2024-10-30T19:13:18.169Z box:reverseproxy expiryDate: subject=CN = www.second-domain-to-renew notBefore=Aug 14 06:12:34 2024 GMT notAfter=Nov 12 06:12:33 2024 GMT daysLeft=12.457810543981482
    2024-10-30T19:13:18.169Z box:reverseproxy needsRenewal: true. force: false
    2024-10-30T19:13:18.169Z box:reverseproxy ensureCertificate: www.second-domain-to-renew acme cert exists but provider mismatch or needs renewal
    2024-10-30T19:13:18.169Z box:reverseproxy ensureCertificate: www.second-domain-to-renew needs acme cert
    2024-10-30T19:13:18.174Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:13:18.174Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
    2024-10-30T19:13:18.174Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:13:18.181Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:13:38.221Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:13:58.259Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:13:58.262Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:13:58.263Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
    2024-10-30T19:13:58.263Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:13:58.269Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:14:18.304Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:14:38.327Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:14:38.328Z box:cert/acme2 getCertificate: for fqdn www.second-domain-to-renew and domain second-domain-to-renew
    2024-10-30T19:14:38.329Z box:cert/acme2 Acme2: will get cert for fqdn: www.second-domain-to-renew cn: www.second-domain-to-renew certName: www.second-domain-to-renew wildcard: false http: true
    2024-10-30T19:14:38.329Z box:cert/acme2 getCertificate: start acme flow for www.second-domain-to-renew from https://acme-v02.api.letsencrypt.org/directory
    2024-10-30T19:14:38.333Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:14:58.362Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:15:18.391Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
    2024-10-30T19:15:18.401Z box:tasks update 2871: {"message":"Rebuilding app configs"}
    2024-10-30T19:15:18.433Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert","-noout","-ocsp_uri"]
    2024-10-30T19:15:18.472Z box:reverseproxy writeAppLocationNginxConfig: writing config for "second-domain-to-renew" to /home/yellowtent/platformdata/nginx/applications/e71590ab-cf2c-43de-9160-61d78d11dde1/second-domain-to-renew.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"second-domain-to-renew","hasIPv6":true,"ip":"172.18.17.116","port":80,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e71590ab-cf2c-43de-9160-61d78d11dde1","location":"/"},"upstreamUri":"","ocsp":true,"hstsPreload":false}
    2024-10-30T19:15:18.484Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert","-noout","-ocsp_uri"]
    2024-10-30T19:15:18.509Z box:reverseproxy writeAppLocationNginxConfig: writing config for "www.second-domain-to-renew" to /home/yellowtent/platformdata/nginx/applications/e71590ab-cf2c-43de-9160-61d78d11dde1/www.second-domain-to-renew.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"www.second-domain-to-renew","hasIPv6":true,"ip":null,"port":null,"endpoint":"redirect","redirectTo":"second-domain-to-renew","certFilePath":"/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e71590ab-cf2c-43de-9160-61d78d11dde1","location":"/"},"upstreamUri":"","ocsp":true,"hstsPreload":false}
    2024-10-30T19:15:18.510Z box:shell reload /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert"
    2024-10-30T19:15:18.618Z box:reverseproxy writeDashboardConfig: writing dashboard config for first-domain-to-renew.com
    2024-10-30T19:15:18.634Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert","-noout","-ocsp_uri"]
    2024-10-30T19:15:18.651Z box:shell reload /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.first-domain-to-renew.com.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/www.second-domain-to-renew.cert"
    2024-10-30T19:15:18.789Z box:mailserver checkCertificate: certificate has not changed
    2024-10-30T19:15:18.789Z box:shell notifyCertChange /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh box
    2024-10-30T19:15:18.964Z box:tasks update 2871: {"message":"Checking expired certs for removal"}
    2024-10-30T19:15:18.979Z box:shell getCertificateDates execArgs: openssl ["x509","-startdate","-enddate","-subject","-noout"]
    2024-10-30T19:15:18.998Z box:reverseproxy expiryDate: subject=CN = first-domain-to-renew.com notBefore=Mar  1 06:10:36 2024 GMT notAfter=May 30 06:10:35 2024 GMT daysLeft=-153.54495368055555
    2024-10-30T19:15:18.998Z box:reverseproxy cleanupCerts: done
    2024-10-30T19:15:18.999Z box:taskworker Task took 361.937 seconds
    2024-10-30T19:15:18.999Z box:tasks setCompleted - 2871: {"result":null,"error":null}
    2024-10-30T19:15:19.000Z box:tasks update 2871: {"percent":100,"result":null,"error":null}
    
    
    
    
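A triage sketch for the task log in the post above, added here as an example (not Cloudron's code and not part of the original posts): it separates each certificate's expiry state from the reason its renewal failed, and counts the hostnames that could not be resolved. The function name `triage` and the regular expressions are assumptions based on the line formats visible in that log; `EAI_AGAIN` is getaddrinfo's temporary name-resolution failure code.

```python
import re
from collections import Counter

# Abridged lines copied from the task log in the post above.
SAMPLE_LOG = """\
2024-10-30T19:09:17.437Z box:reverseproxy expiryDate: subject=CN = *.first-domain-to-renew.com notBefore=Aug 14 06:12:10 2024 GMT notAfter=Nov 12 06:12:09 2024 GMT daysLeft=12.460319016203703
2024-10-30T19:09:17.611Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:09:37.637Z box:cert/acme2 Attempt 2 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:17.821Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:11:17.880Z box:reverseproxy expiryDate: subject=CN = second-domain-to-renew notBefore=Jul 31 06:10:28 2024 GMT notAfter=Oct 29 06:10:27 2024 GMT daysLeft=-1.5422555555555555
2024-10-30T19:11:17.894Z box:cert/acme2 Attempt 1 failed. Will retry: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
2024-10-30T19:13:18.097Z box:reverseproxy ensureCertificate: error: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e6.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/second-domain-to-renew.cert"
"""

# Patterns are assumptions derived from the line formats shown in the log.
EXPIRY = re.compile(r"expiryDate: subject=CN = (\S+) .*daysLeft=(-?[\d.]+)")
RESOLVE = re.compile(r"getaddrinfo (EAI_\w+|ENOTFOUND) (\S+)")
FINAL = re.compile(r"ensureCertificate: error: (.*)$")
STAPLING = re.compile(r'host not found in OCSP responder "([^"]+)"')


def triage(log_text):
    """Summarise expiry state, final error per cert, and unresolved hostnames."""
    certs = {}              # subject -> {"days_left", "expired", "error"}
    unresolved = Counter()  # hostname -> number of failed lookups
    current = None          # subject of the most recent expiryDate line
    for line in log_text.splitlines():
        if m := EXPIRY.search(line):
            current = m.group(1)
            days = float(m.group(2))
            certs[current] = {"days_left": days, "expired": days < 0, "error": None}
        if m := RESOLVE.search(line):
            unresolved[m.group(2)] += 1
        if m := STAPLING.search(line):
            unresolved[m.group(1)] += 1
        if (m := FINAL.search(line)) and current:
            certs[current]["error"] = m.group(1)
    failed = [c for c in certs.values() if c["error"]]
    return {
        "certs": certs,
        "unresolved": dict(unresolved),
        # True when every failed renewal ended in a name-resolution error,
        # i.e. the request never reached the ACME server.
        "all_failures_are_dns": bool(failed)
        and all(RESOLVE.search(c["error"]) for c in failed),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for subject, info in report["certs"].items():
        print(subject, info)
    print(report["unresolved"], report["all_failures_are_dns"])
```

When `all_failures_are_dns` is true and the OCSP responder host is also unresolved, the first thing to check is whether the server itself can resolve public hostnames.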
      therealwebmaster
      wrote on last edited by
      #2

      Update:
      second-domain-to-renew is configured with Namecheap, wildcard config in Cloudron. I also got this when I try to change the certificate type for it:

      image.png
      And my Namecheap configs look like this.

      image.png

      Something must have changed in Cloudron, since the certificate was obtained with Cloudron / Let's Encrypt and was working fine before.

        therealwebmaster
        wrote on last edited by
        #3

        I now think it's all related to my main domain, which is with Porkbun, but can't sync with Porkbun because Cloudron is not using their new API.

        https://forum.cloudron.io/topic/12634/porkbun-critical-api-hostname-update-to-do-in-cloudron/4

          girish
          Staff
          wrote on last edited by
          #4

          The Porkbun issue is fixed in 8.1.

          • girishG girish marked this topic as a question on
          • girishG girish has marked this topic as solved on
