How can I trigger a certbot renewal when the web dashboard is unavailable?
-
For whatever reason, my Cloudron server's dashboard no longer works. There is an error in the browser saying
Firefox detected a potential security threat and did not continue to <redacted co-op> because this web site requires a secure connection.
<redacted> has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
Under advanced it says:
<redacted> uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
If I view the certificate, I see it is a wildcard cert with an expiry date in the distant future, so I suspect this is Cloudron's self-signed fallback certificate.
My first thought is to renew the certificate using Let's Encrypt. However, all the documentation I can find on this for Cloudron assumes you can access the web dashboard, which I can't.
Normally I would just do this on the terminal, but I don't know how to do this in a way which will accord with what Cloudron does normally. I can't see a timer job which runs a certbot script, for example.
So is there a way I can manually start the certbot renewal from the terminal?
And I would guess enabling HSTS makes the fall-back certificate unusable in any case?
Thanks
-
@yusf Oh. Doh. Thanks.
So I've worked around this by telling Firefox to "Forget this host" (right-click on an URL to get this option in the history tab), and thereby got to the web console that way.
However, it could still be handy to know how to trigger the renewal from the terminal, as this might not be the only case when you'd need to do it.
-