    How can I trigger a certbot renewal when the web dashboard is unavailable?

      wu-lee last edited by girish

      For whatever reason, my Cloudron server's dashboard no longer works. There is an error in the browser saying

      Firefox detected a potential security threat and did not continue to <redacted co-op> because this web site requires a secure connection.

      <redacted> has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

      Under advanced it says:

      <redacted> uses an invalid security certificate.

      The certificate is not trusted because it is self-signed.

      If I view the certificate, I see it is a wildcard cert with an expiry date in the distant future, so I suspect this is Cloudron's self-signed fallback certificate.

      My first thought is to renew the certificate using Let's Encrypt. However, all the documentation I can find on this for Cloudron assumes you can access the web dashboard, which I can't.

      Normally I would just do this on the terminal, but I don't know how to do this in a way which will accord with what Cloudron does normally. I can't see a timer job which runs a certbot script, for example.

      So is there a way I can manually start the certbot renewal from the terminal?

      And I would guess enabling HSTS makes the fall-back certificate unusable in any case?

      Thanks

        yusf last edited by

        There are a few tricks you can try, here.

        Nice coop btw 😃

          wu-lee @yusf last edited by

          @yusf Oh. Doh. Thanks.

          So I've worked around this by telling Firefox to "Forget this host" (right-click on a URL to get this option in the history tab), and thereby got to the web console that way.

          However, it could still be handy to know how to trigger the renewal from the terminal, as this might not be the only case when you'd need to do it.

            girish Staff @wu-lee last edited by

            @wu-lee do you know why it had failed to renew previously?
