Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Managing SSL certs via Cloudron CLI

Scheduled Pinned Locked Moved Solved Support
certificates
10 Posts 5 Posters 948 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • ei8fdbE Offline
    ei8fdbE Offline
    ei8fdb
    wrote on last edited by girish
    #1

    I need to renew expired SSL certs, from the commandline as I do not have access to the my.cloudron-instance interface.

    I cannot figure out a) where the cloudron CLI is, and 2) if I can renew the SSL certs via CLI.

    Can someone help me with this? Thanks. 🙏

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to ei8fdb on last edited by
    #2

    @ei8fdb No, the cloudron CLI does not allow to do this. Cloudron should renew the certs by itself if they are expired.

    ei8fdbE 1 Reply Last reply
    0
  • ei8fdbE Offline
    ei8fdbE Offline
    ei8fdb
    replied to mehdi on last edited by
    #3

    @mehdi Ah no. I was worried that was the answer.

    Here is my situation: my server lost internet access, the SSL certs expired, and I now cannot get access to the web interface because the certs are expired and my browser (correctly) won't allow me to browse to the URL.

    What can I do? I have SSH access to my server, and web access but as I said I can't access it.

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to ei8fdb on last edited by
    #4

    @ei8fdb it should renew the certs by itself as soon as:

    • it has regained internet access
    • the DNS correctly points to its (new?) IP address.

    You shouldn't have to do anything besides making sure of those 2 things.

    You can also try rebooting the server to force triggering the checking of cert renewal.

    Besides that, if it does not have valid certs ~5/10min after reboot, you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

    If all this fail, I'm out of my depth ^^

    ei8fdbE 1 Reply Last reply
    1
  • ei8fdbE Offline
    ei8fdbE Offline
    ei8fdb
    replied to mehdi on last edited by ei8fdb
    #5

    @mehdi said in Managing SSL certs via Cloudron CLI:

    it should renew the certs by itself as soon as:

    it has regained internet access

    Yup, it's got connection again.

    the DNS correctly points to its (new?) IP address.

    DNS points to the same IP (static IP)

    You shouldn't have to do anything besides making sure of those 2 things.

    Ah. I didn't expect cloudron to renew expired certs. So this might still happen.

    You can also try rebooting the server to force triggering the checking of cert renewal.

    I'm reluctant to reboot as I don't have hands at the server now.

    Besides that, if it does not have valid certs ~5/10min after reboot

    It's been up ~ 1 hour so far.

    you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

    Do you have suggestion for which logs to focus on? I'm looking in box.log and I don't see anything relevant.

    If all this fail, I'm out of my depth ^^

    thanks for your help so far. I've learned something new 🙂

    ei8fdbE 1 Reply Last reply
    0
  • ei8fdbE Offline
    ei8fdbE Offline
    ei8fdb
    replied to ei8fdb on last edited by
    #6

    @mehdi Update! I've connected to my.cloudron-instance URL via Tor and I can log in to the admin interface. 🎉

    I think it's either 1) expired cert cached in my browser, or 2) accessing it via an IP I've not connected via before.

    Right now it's renewing all the certs.

    Thanks for your help. 👍 And thank you Cloudron for auto-renewing certs.

    girishG 1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to ei8fdb on last edited by
    #7

    @ei8fdb In the future, you can always "accept" the self-signed certs, login to the dashboard and then go to Domains -> Renew all certs.

    mehdiM 1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to girish on last edited by
    #8

    @girish said in Managing SSL certs via Cloudron CLI:

    you can always "accept" the self-signed certs

    I think there was a problem with HSTS blocking this

    nebulonN 1 Reply Last reply
    1
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    replied to mehdi on last edited by
    #9

    @mehdi it would, for this you have to "forget" the page in your browser (at least that is what firefox history calls the action, not sure about chrome)

    fbartelsF 1 Reply Last reply
    0
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to nebulon on last edited by fbartels
    #10

    @nebulon said in Managing SSL certs via Cloudron CLI:

    you have to "forget" the page in your browser

    yes, or visit the site in an incognito session. Clearing these entries from the profile in Chrome is slightly more complicated, but doable as well.

    https://msutexas.edu/library/clearhsts.php

    1 Reply Last reply
    0
  • scookeS scooke referenced this topic on

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.