Failed LE Certs due to DNS config change
I have a few domains that generate these failures now because they expired and the registrar re-pointed their DNS away from Cloudron.
If there was a check to validate DNS before the error and notification is generated, the message would be much more useful and the constant retries could be stopped until DNS is back.
Stop getting certs until then.
Step up in intelligence.
@robi the next release will be less noisy about temporarily failing cert renewals. It will only raise warnings if it is actually timely urgent. So I guess your case would also be covered since by the time the cert expires your DNS records would be fine again.
@nebulon No, as some of these domains we don't control. If they choose not to renew, they should go into a different state.
@robi not sure I understand, so you are saying those are domains added to the Cloudron but with wildcard or manual DNS backend and thus the renewal fails because the records don't point to the Cloudron anymore? If this is the case, why have them on the Cloudron in the first place and probably more importantly why are there apps installed using them, which is why a renewal of certs would be triggered?
Customer wants domain hosted for any reason, let's say WP. At some point they either point the domain someplace else, or it expires and the registrar repoints to its own DNS servers which point to parking servers.
There's no "heads up" or customer contact that this has happened, just errors on our side.
This could be more graceful.
d19dotca last edited by
@robi So in other words, you're wanting Cloudron to essentially notify you if it notices that registered domain names used on the Cloudron instance are pointed away from the server? In other words, a periodic check (like once a day or something) that notifies admins?
@d19dotca as I understand it, I also think this is not so much related to the cert renewal, but the failure to do so is just the symptom.
Right, if Cloudron is no longer in control of a domain, switch that domain to manual or No-OP so all the other expected things don't keep failing.
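The check discussed in this thread, sketched as an added example (not Cloudron code and not from any poster): classify where a domain's A records point before a renewal attempt, pause renewals when the domain has left the server, and notify only when the state changes. It assumes validation depends on the A records pointing at the server; all function names, state names, and the sample domain and addresses are hypothetical or constructed.

```javascript
// Added example, not Cloudron code; every name below is hypothetical.
const TRANSIENT = 'unknown';

// Classify a lookup result against the addresses this server answers on.
// lookup is { addresses: [...] } on success or { error: '<dns error code>' }.
function classifyDns(expectedIps, lookup) {
  if (lookup.error) {
    // ENOTFOUND / ENODATA: the name or its A records are gone (expired, removed).
    // Anything else (ETIMEOUT, ESERVFAIL, ...) says nothing about the domain.
    return ['ENOTFOUND', 'ENODATA'].includes(lookup.error) ? 'gone' : TRANSIENT;
  }
  // Require every A record to be ours; a split set can route validation to the other host.
  const allOurs = lookup.addresses.length > 0 &&
    lookup.addresses.every((a) => expectedIps.includes(a));
  return allOurs ? 'ok' : 'elsewhere';
}

// Turn the DNS state into an action for the renewal job.
// prevState is 'active' or 'detached'; notify is set only on a state change.
function planRenewal(domain, prevState, dnsState) {
  if (dnsState === TRANSIENT) return { state: prevState, attempt: false, notify: null };
  if (dnsState === 'ok') {
    const notify = prevState === 'detached' ? `${domain}: DNS points here again, renewals resumed` : null;
    return { state: 'active', attempt: true, notify };
  }
  const notify = prevState === 'detached' ? null : `${domain}: DNS is ${dnsState}, renewals paused`;
  return { state: 'detached', attempt: false, notify };
}

// Live lookup for real use; the functions above stay pure so they can be tested offline.
async function lookupA(domain) {
  const dns = await import('node:dns/promises');
  try {
    return { addresses: await dns.resolve4(domain) };
  } catch (err) {
    return { error: err.code };
  }
}

// Constructed sample: one server address, three daily checks of a customer domain.
function demo() {
  const server = ['203.0.113.10'];
  const days = [{ addresses: ['203.0.113.10'] }, { addresses: ['198.51.100.7'] }, { addresses: ['198.51.100.7'] }];
  let state = 'active';
  return days.map((lookup) => {
    const plan = planRenewal('shop.example.com', state, classifyDns(server, lookup));
    state = plan.state;
    return plan;
  });
}
```

A resolver timeout leaves the stored state untouched, so a flaky resolver neither detaches a healthy domain nor re-arms the notification for one that is already detached.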