Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Domain cert renewal - when ?

Domain cert renewal - when ?

Scheduled Pinned Locked Moved Solved Support
certificatesrenewal
8 Posts 5 Posters 610 Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine
    App Dev
    wrote on last edited by joseph
    #1

    I have one particular domain cert expiring on Dec 20
    So just 4 days away
    I would have thought it would have renewed by now
    Either automatically or as result of manual button click
    But it fails to renew on clicking [RENEW CERTS].
    When should it happen ?
    Is manual renewal failure indicative of a problem ?

    1 Reply Last reply
    2
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      It should have auto-renewed indeed. What is the error you are seeing in the renew logs of a manual renewal?

      1 Reply Last reply
      0
      • nebulonN nebulon marked this topic as a question on
      • timconsidineT Offline
        timconsidineT Offline
        timconsidine
        App Dev
        wrote on last edited by
        #3

        No errors

        Dec 16 09:03:35 box:tasks update 22263: {"percent":100,"result":null,"error":null}

        Just states not before and not after dates for the domain

        1 Reply Last reply
        0
        • J Offline
          J Offline
          joseph
          Staff
          wrote on last edited by
          #4

          @timconsidine on the server, if you do systemctl reload nginx , does it fail? Could be the certs renewed but nginx is not reloading for some reason.

          1 Reply Last reply
          0
          • timconsidineT Offline
            timconsidineT Offline
            timconsidine
            App Dev
            wrote on last edited by timconsidine
            #5

            Thank you - did that.
            Weird.
            Running in terminal echo | openssl s_client -servername domain.uk -connect domain.uk:443 2>/dev/null | openssl x509 -noout -dates gives me :

            notBefore=Oct 21 16:25:54 2023 GMT
            notAfter=Dec 29 16:25:54 2025 GMT

            Logs in Cloudron still give me :

            2024-12-16T17:40:31.065Z box:reverseproxy expiryDate: subject=CN = domain.uk notBefore=Sep 21 07:20:52 2024 GMT notAfter=Dec 20 07:20:51 2024 GMT daysLeft=3.569675173611111

            BUT ... I see this is from the section at the end of the log file 2024-12-16T17:40:30.963Z box:tasks update 22265: {"message":"Checking expired certs for removal"}

            Maybe I have been reading this wrongly.
            Apps installed under domain.uk (sub-domains) appear to be renewing correctly.
            But I don't have an app on domain.uk
            Is this why it is showing as expiring in 3 days ?

            I can understand that …. Except the direct terminal command shows a different expiry.

            I’m not getting something and probably exposing my ignorance 😂

            1 Reply Last reply
            0
            • girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #6

              @timconsidine if you have no app installed in that domain, it's not going to renew. Cloudron will also not remove them before expiry time. This is because if you install an app in that domain before it expires, it can reuse the cert.

              1 Reply Last reply
              1
              • timconsidineT Offline
                timconsidineT Offline
                timconsidine
                App Dev
                wrote on last edited by
                #7

                Thanks @girish
                I don’t remember ever having an app on the bare domain.
                But then some days I don’t even remember my own name.

                scookeS 1 Reply Last reply
                1
                • timconsidineT timconsidine

                  Thanks @girish
                  I don’t remember ever having an app on the bare domain.
                  But then some days I don’t even remember my own name.

                  scookeS Offline
                  scookeS Offline
                  scooke
                  wrote on last edited by
                  #8

                  @timconsidine said in Domain cert renewal - when ?:

                  I don’t even remember my own name.

                  Your name is Timcon S'idine, just in case.

                  A life lived in fear is a life half-lived

                  1 Reply Last reply
                  1
                  • J joseph has marked this topic as solved on
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                  • Login

                  • Don't have an account? Register

                  • Login or register to search.
                  • First post
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Bookmarks
                  • Search