Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Managing SSL certs via Cloudron CLI

    Support
    certificates
    5
    10
    791
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ei8fdb
      ei8fdb last edited by girish

      I need to renew expired SSL certs, from the commandline as I do not have access to the my.cloudron-instance interface.

      I cannot figure out a) where the cloudron CLI is, and 2) if I can renew the SSL certs via CLI.

      Can someone help me with this? Thanks. 🙏

      mehdi 1 Reply Last reply Reply Quote 0
      • mehdi
        mehdi App Dev @ei8fdb last edited by

        @ei8fdb No, the cloudron CLI does not allow to do this. Cloudron should renew the certs by itself if they are expired.

        ei8fdb 1 Reply Last reply Reply Quote 0
        • ei8fdb
          ei8fdb @mehdi last edited by

          @mehdi Ah no. I was worried that was the answer.

          Here is my situation: my server lost internet access, the SSL certs expired, and I now cannot get access to the web interface because the certs are expired and my browser (correctly) won't allow me to browse to the URL.

          What can I do? I have SSH access to my server, and web access but as I said I can't access it.

          mehdi 1 Reply Last reply Reply Quote 0
          • mehdi
            mehdi App Dev @ei8fdb last edited by

            @ei8fdb it should renew the certs by itself as soon as:

            • it has regained internet access
            • the DNS correctly points to its (new?) IP address.

            You shouldn't have to do anything besides making sure of those 2 things.

            You can also try rebooting the server to force triggering the checking of cert renewal.

            Besides that, if it does not have valid certs ~5/10min after reboot, you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

            If all this fail, I'm out of my depth ^^

            ei8fdb 1 Reply Last reply Reply Quote 1
            • ei8fdb
              ei8fdb @mehdi last edited by ei8fdb

              @mehdi said in Managing SSL certs via Cloudron CLI:

              it should renew the certs by itself as soon as:

              it has regained internet access

              Yup, it's got connection again.

              the DNS correctly points to its (new?) IP address.

              DNS points to the same IP (static IP)

              You shouldn't have to do anything besides making sure of those 2 things.

              Ah. I didn't expect cloudron to renew expired certs. So this might still happen.

              You can also try rebooting the server to force triggering the checking of cert renewal.

              I'm reluctant to reboot as I don't have hands at the server now.

              Besides that, if it does not have valid certs ~5/10min after reboot

              It's been up ~ 1 hour so far.

              you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

              Do you have suggestion for which logs to focus on? I'm looking in box.log and I don't see anything relevant.

              If all this fail, I'm out of my depth ^^

              thanks for your help so far. I've learned something new 🙂

              ei8fdb 1 Reply Last reply Reply Quote 0
              • ei8fdb
                ei8fdb @ei8fdb last edited by

                @mehdi Update! I've connected to my.cloudron-instance URL via Tor and I can log in to the admin interface. 🎉

                I think it's either 1) expired cert cached in my browser, or 2) accessing it via an IP I've not connected via before.

                Right now it's renewing all the certs.

                Thanks for your help. 👍 And thank you Cloudron for auto-renewing certs.

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @ei8fdb last edited by

                  @ei8fdb In the future, you can always "accept" the self-signed certs, login to the dashboard and then go to Domains -> Renew all certs.

                  mehdi 1 Reply Last reply Reply Quote 0
                  • mehdi
                    mehdi App Dev @girish last edited by

                    @girish said in Managing SSL certs via Cloudron CLI:

                    you can always "accept" the self-signed certs

                    I think there was a problem with HSTS blocking this

                    nebulon 1 Reply Last reply Reply Quote 1
                    • nebulon
                      nebulon Staff @mehdi last edited by

                      @mehdi it would, for this you have to "forget" the page in your browser (at least that is what firefox history calls the action, not sure about chrome)

                      fbartels 1 Reply Last reply Reply Quote 0
                      • fbartels
                        fbartels App Dev @nebulon last edited by fbartels

                        @nebulon said in Managing SSL certs via Cloudron CLI:

                        you have to "forget" the page in your browser

                        yes, or visit the site in an incognito session. Clearing these entries from the profile in Chrome is slightly more complicated, but doable as well.

                        https://msutexas.edu/library/clearhsts.php

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Powered by NodeBB