

    Cloudron Forum


    Solved Custom Wildcard certificate falling back to self-signed

    Support
    certificates
      Peter Newman last edited by girish

      We are attempting to use a wildcard cert for one of our domains.

      I attempted using the key and cert as provided (no ca chain), which the UI accepted, but then on restart, all subdomains were using self-signed certs.

      After working around HSTS, I was able to get back into the system and switch back to Let's Encrypt.

      Next, I tried including the ca bundle in the cert file. When I did it the wrong way around (ca certs before the wildcard cert), the UI reported an error. When done the other way (as per NGINX documentation), the UI accepted the cert. However, all subdomains were using a self-signed cert again.

      The renewcerts log showed an error along the lines of "null certificate, falling back to self-signed". Unfortunately, I didn't capture the logs at the time, and the available history doesn't go back that far.

      I've tried various certificate inspection tools that have reported the certificate as valid. This is the same provider we use for providing wildcard certs for non-Cloudron domains, that we SSL-terminate with NGINX, which is why I thought to try the ca-bundle inclusion.

      Can anyone provide any insight into why this would have failed in this manner?

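A pre-flight check for the certificate ordering described in the post above, added here as an example and not part of the original thread or of Cloudron's code: it confirms that the first certificate in the file matches the private key and that each following certificate issued the one before it. The function names `split_bundle` and `check_bundle` and the exit codes are assumptions of this example, and it needs the `openssl` CLI.

```shell
#!/bin/sh
# Added example: check a certificate file (leaf, then CA certs) against its key.
# check_bundle exit status: 0 ok, 2 no certificate, 3 key mismatch, 4 wrong order.

# Write each certificate of bundle $1 to $2/cert-N.pem and print the count.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
    END                           { print n + 0 }' "$1"
}

# Runs in a subshell so variables and the cleanup trap stay local.
check_bundle() (
  bundle=$1; key=$2
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  n=$(split_bundle "$bundle" "$tmp")
  [ "$n" -gt 0 ] || { echo "no certificate found in $bundle"; exit 2; }

  # The first certificate must be the leaf: its public key equals the key's.
  cert_pub=$(openssl x509 -in "$tmp/cert-1.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "first certificate does not match the private key"; exit 3; }

  # Every following certificate must be the issuer of the one before it.
  i=1
  while [ "$i" -lt "$n" ]; do
    issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
    subject=$(openssl x509 -in "$tmp/cert-$((i + 1)).pem" -noout -subject_hash)
    [ "$issuer" = "$subject" ] ||
      { echo "certificate $((i + 1)) is not the issuer of certificate $i"; exit 4; }
    i=$((i + 1))
  done
  echo "ok: leaf first, $n certificate(s), key matches"
)

# Run only when called with both file arguments: cert file, then key file.
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

A bundle with the CA certificates placed before the wildcard certificate fails with status 3, because the first certificate no longer matches the key.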
        girish Staff last edited by

        @Peter-Newman did you manage to narrow this down any further? I can't think of an obvious reason this will happen. Please ping this thread again if you hit this issue.

          girish Staff last edited by

          This is fixed in 5.5
