Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Certificate renewals and app updates fail -- D.O. API expired



  • This isn't so much a problem I need help with, but rather sharing something I didn't immediately find in a site search. I fixed my own problem, so now it's a suggestion. 🙂

    I experienced a certificate error for the domain upon which my Cloudron control panel happily resides. No amount of irritable gesticulating could make it work -- I'd try to force certificate renewals only to see the control panel go offline and prove unable to connect. Logs weren't especially useful, either. I had to reboot the server from the shell to make things work again.

    When I tried updating one specific app and it gave me a 500 error on the Digital Ocean side, it occurred to me that the API credentials must have expired. Which, as it happens, proved to be the case. I generated a new set, added it, and viola! life is good.

    I wonder if we can have a better way of uncovering expired DNS API connections? Perhaps a check before a certificate upgrade that flags a plain-English error?


  • Staff

    @jegillikin Thanks for the report. Cloudron already has code to handle expired tokens but clearly it's not working. I have to check and get back as to why it's not working.


  • Staff

    Started testing this a bit. In the location UI, the error is handled:

    52873b3d-c7b8-46e7-94ce-68cd0a395fc1-image.png

    In the install UI also the error is handled:
    3a1d239d-93b9-4a55-b8b5-973c547a08c0-image.png

    Existing app operation fails:
    1aea73d6-acd4-4713-878b-72a7e3cd6366-image.png

    The cert renewal code also does not crash. I wonder if the error was something else.


  • Staff

    @jegillikin said in Certificate renewals and app updates fail -- D.O. API expired:

    When I tried updating one specific app and it gave me a 500 error on the Digital Ocean side,

    Ah! The DO API returned 500.. I wonder if they had some issue with some bad token and this ended causing Cloudron code problems.

    In any case, if you hit this again, let me know.



  • @girish Will do. It's actually not the first time I've run into the problem and a re-fresh of the API credentials solved the problem, although this is the first time I specifically observed that it was a 500 error vs. a 401.