Managing SSL certs via Cloudron CLI

ei8fdb

I need to renew expired SSL certs, from the commandline as I do not have access to the my.cloudron-instance interface.

I cannot figure out a) where the cloudron CLI is, and 2) if I can renew the SSL certs via CLI.

Can someone help me with this? Thanks.

mehdi

@ei8fdb No, the cloudron CLI does not allow to do this. Cloudron should renew the certs by itself if they are expired.

ei8fdb

@mehdi Ah no. I was worried that was the answer.

Here is my situation: my server lost internet access, the SSL certs expired, and I now cannot get access to the web interface because the certs are expired and my browser (correctly) won't allow me to browse to the URL.

What can I do? I have SSH access to my server, and web access but as I said I can't access it.

mehdi

@ei8fdb it should renew the certs by itself as soon as:

• it has regained internet access
• the DNS correctly points to its (new?) IP address.

You shouldn't have to do anything besides making sure of those 2 things.

You can also try rebooting the server to force triggering the checking of cert renewal.

Besides that, if it does not have valid certs ~5/10min after reboot, you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

If all this fail, I'm out of my depth ^^

ei8fdb

@mehdi said in Managing SSL certs via Cloudron CLI:

it should renew the certs by itself as soon as:

it has regained internet access

Yup, it's got connection again.

the DNS correctly points to its (new?) IP address.

DNS points to the same IP (static IP)

You shouldn't have to do anything besides making sure of those 2 things.

Ah. I didn't expect cloudron to renew expired certs. So this might still happen.

You can also try rebooting the server to force triggering the checking of cert renewal.

I'm reluctant to reboot as I don't have hands at the server now.

Besides that, if it does not have valid certs ~5/10min after reboot

It's been up ~ 1 hour so far.

you should try checking logs if there's something obvious going on : https://docs.cloudron.io/troubleshooting/#logs

Do you have suggestion for which logs to focus on? I'm looking in box.log and I don't see anything relevant.

If all this fail, I'm out of my depth ^^

thanks for your help so far. I've learned something new

ei8fdb

@mehdi Update! I've connected to my.cloudron-instance URL via Tor and I can log in to the admin interface.

I think it's either 1) expired cert cached in my browser, or 2) accessing it via an IP I've not connected via before.

Right now it's renewing all the certs.

Thanks for your help. And thank you Cloudron for auto-renewing certs.

girish

@ei8fdb In the future, you can always "accept" the self-signed certs, login to the dashboard and then go to Domains -> Renew all certs.

mehdi

@girish said in Managing SSL certs via Cloudron CLI:

you can always "accept" the self-signed certs

I think there was a problem with HSTS blocking this

nebulon

@mehdi it would, for this you have to "forget" the page in your browser (at least that is what firefox history calls the action, not sure about chrome)

fbartels

@nebulon said in Managing SSL certs via Cloudron CLI:

you have to "forget" the page in your browser

yes, or visit the site in an incognito session. Clearing these entries from the profile in Chrome is slightly more complicated, but doable as well.

https://msutexas.edu/library/clearhsts.php