Can't renew SSL certificate (Unsolved)

Category: Support
Tags: letsencrypt, dns, certificates
andrewj720 (last edited by girish):

When trying to renew Let's Encrypt certificates via Cloudron's Domains page, I press Renew All Certs, and no error message is printed in the browser when the process seems complete, but when checking logs it seems the update has failed.

      Sep 22 16:17:59 box:shell startMail (stderr):
      Sep 22 16:17:59 box:reverseproxy ensureCertificate: renewal of my.arj.rocks failed. using fallback certificates for arj.rocks
      Sep 22 16:17:59 box:tasks 791: {"percent":34,"message":"Renewing certs of nextcloud.arj.rocks"}
      Sep 22 16:17:59 box:reverseproxy ensureCertificate: nextcloud.arj.rocks certificate already exists at /home/yellowtent/boxdata/certs/_.arj.rocks.key
      Sep 22 16:17:59 box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.arj.rocks.cert Certificate will expire 1
      Sep 22 16:17:59 box:reverseproxy ensureCertificate: nextcloud.arj.rocks cert require renewal
      Sep 22 16:17:59 box:reverseproxy ensureCertificate: getting certificate for nextcloud.arj.rocks with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"[redacted]@gmail.com"}
      Sep 22 16:17:59 box:cert/acme2 getCertificate: attempt 1
      Sep 22 16:17:59 box:cert/acme2 getCertificate: start acme flow for nextcloud.arj.rocks from https://acme-v02.api.letsencrypt.org/directory
      Sep 22 16:17:59 box:cert/acme2 getCertificate: will get wildcard cert for *.arj.rocks
      Sep 22 16:17:59 box:cert/acme2 getCertificate: attempt 2
      Sep 22 16:17:59 box:cert/acme2 getCertificate: start acme flow for nextcloud.arj.rocks from https://acme-v02.api.letsencrypt.org/directory
      Sep 22 16:17:59 box:cert/acme2 getCertificate: will get wildcard cert for *.arj.rocks
      Sep 22 16:17:59 box:cert/acme2 getCertificate: attempt 3
      Sep 22 16:17:59 box:cert/acme2 getCertificate: start acme flow for nextcloud.arj.rocks from https://acme-v02.api.letsencrypt.org/directory
      Sep 22 16:17:59 box:cert/acme2 getCertificate: will get wildcard cert for *.arj.rocks
      Sep 22 16:17:59 box:reverseproxy ensureCertificate: error: Network error getting directory: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org acme-v02.api.letsencrypt.org:443 cert: null
      

I've checked my firewall settings and ports 443 and 80 are open. I also tried again after disabling the firewall, and the error is replicated.

      Any ideas what I need to do to renew certs?

      Many thanks

girish (Staff):

        @andrewj720 said in Can't renew SSL certificate:

        Sep 22 16:17:59 box:reverseproxy ensureCertificate: error: Network error getting directory: getaddrinfo EAI_AGAIN acme-v02.api.letsencrypt.org acme-v02.api.letsencrypt.org:443 cert: null

        It seems there is some DNS error. Do you have any special DNS setup? Does the following command work on your server?

        host acme-v02.api.letsencrypt.org 127.0.0.1
        

        If not, you can try restarting unbound using sudo systemctl restart unbound and try the command again.

andrewj720 (@girish, last edited by andrewj720):

          @girish No success unfortunately. I get:

          root@cloudron:~# host acme-v02.api.letsencrypt.org 127.0.0.1
          ;; connection timed out; no servers could be reached
          
          

          And the same after running

          sudo systemctl restart unbound
          
girish (Staff):

@andrewj720 Looks like DNS is not working on your server. You can also try host cloudron.io etc. I guess none of it is working?

Can you check if your cloud firewall allows outbound port 53 UDP? I think there was a post on this forum some time ago that someone had it blocked in an AWS security group by mistake, for example.

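The diagnosis in this thread (the `getaddrinfo EAI_AGAIN` line means the resolver never answered, so check unbound on 127.0.0.1 and then outbound UDP/53) can be scripted. The following is an added example, not Cloudron's code or any poster's: it classifies the box log line by its getaddrinfo error name and sends a hand-built UDP DNS query to a chosen resolver, which is the same check as `host acme-v02.api.letsencrypt.org 127.0.0.1`. The error-to-cause wording and the probe result names are this example's own choices.

```python
import re
import socket
import struct

ACME_HOST = "acme-v02.api.letsencrypt.org"

# getaddrinfo error names as Node.js reports them, mapped to the likely cause (assumed wording).
GAI_CAUSES = {
    "EAI_AGAIN": "temporary DNS failure (resolver unreachable or timing out)",
    "EAI_NONAME": "name not known to the resolver (DNS filtering or wrong resolver config)",
    "EAI_FAIL": "non-recoverable resolver failure",
}

def classify_renewal_error(log_lines):
    """Return (host, cause) for the first 'Network error getting directory' line, else None."""
    pat = re.compile(r"Network error getting directory: getaddrinfo (\w+) (\S+)")
    for line in log_lines:
        m = pat.search(line)
        if m:
            code, host = m.group(1), m.group(2)
            return host, GAI_CAUSES.get(code, "unknown getaddrinfo error " + code)
    return None

def build_dns_query(name, txid=0x1234):
    """Build a minimal RFC 1035 A-record query: header, QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set; 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def dns_probe(server, name=ACME_HOST, timeout=3.0):
    """Send one UDP/53 query to `server`; return 'answered', 'timeout', 'refused' or 'malformed'.
    'timeout' from 127.0.0.1 points at unbound; 'timeout' from a public resolver
    points at outbound UDP/53 being blocked (for example by a cloud security group)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((server, 53))          # connected UDP so an ICMP port-unreachable surfaces
        s.send(build_dns_query(name))
        data = s.recv(512)
        return "answered" if len(data) >= 12 and data[2] & 0x80 else "malformed"  # QR bit
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    finally:
        s.close()
```

Run `dns_probe("127.0.0.1")` first and then `dns_probe` against a public resolver's address: a timeout on the first but not the second isolates the problem to unbound, while timeouts on both match the blocked outbound port 53 case described above.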