Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED cloudron certs update API doesn't work

    Support
    api certificates
    3
    9
    132
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_ai
      potemkin_ai last edited by girish

      Hello,

      I used to use Cloudron API to initiate certificates update under some special conditions:

      curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs

      But it seems like stopped working, seems like it could happen around v7 release - no certificates are updated and here is all I'm getting at the logs now:

      Nov 26 06:06:04 box:settings initCache: pre-load settings
Nov 26 06:06:04 box:taskworker Starting task 1453. Logs are at /home/yellowtent/platformdata/logs/tasks/1453.log
Nov 26 06:06:04 box:reverseproxy renewCerts: Renewed certs of []
Nov 26 06:06:04 box:reverseproxy cleanupCerts: start
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/cloud.my.domain.com.cert notAfter=Dec 3 11:00:57 2021 GMT daysLeft=7.329767881944444
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Jul 15 16:25:07 2023 GMT daysLeft=596.5548835532408
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/my.domain.com.host.cert notAfter=Jul 15 16:28:39 2023 GMT daysLeft=596.557337199074
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/fp.my.domain.com.cert notAfter=Dec 2 23:01:02 2021 GMT daysLeft=6.8298255324074075
Nov 26 06:06:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/my.my.domain.com.cert notAfter=Dec 3 11:00:41 2021 GMT daysLeft=7.329582418981482
Nov 26 06:06:05 box:reverseproxy cleanupCerts: done
Nov 26 06:06:05 box:taskworker Task took 0.186 seconds
Nov 26 06:06:05 box:tasks setCompleted - 1453: {"result":null,"error":null}
Nov 26 06:06:05 box:tasks update 1453: {"percent":100,"result":null,"error":null}

      When I click the button to renew certificate from the web - it does everything right, like it shall be and the logs are much much bigger.

      P.S. please, ignore **my.my.**domain.com - it's an artifact of search & replace for an actual domain.

      girish 2 Replies Last reply Reply Quote 0
      • girish
        girish Staff @potemkin_ai last edited by girish

        @potemkin_ai The endpoint /api/v1/cloudron/renew_certs is correct and so is the POST data that you are sending it. I think the logs that you are showing is for some other task tough. What is the response of the POST request? This will give a task id and then you can go into /home/yellowtent/platformdata/logs/tasks/{taskid}.log

        scooke potemkin_ai 2 Replies Last reply Reply Quote 0
        • scooke
          scooke @girish last edited by

          @girish If everything is correct they may have tried to do this during the most recent Let's Encrypt downtime. It lasted awhile.

          A life lived in fear is a life half-lived

          potemkin_ai 1 Reply Last reply Reply Quote 0
          • potemkin_ai
            potemkin_ai @girish last edited by

            @girish don't think it's for another task:

            I'm checking the URL of the following format:
            https://my.domain/logs.html?taskId=

            where task id is what I'm getting in responce to the following query:

            curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs

            And when I open that log it says 'checkCerts'.

            But, as I mentioned, the amount of tasks that are done with my POST query and what system is doing is really different and with my POST query nothing really happens.

            /home/yellowtent/platformdata/logs/tasks/{taskid}.log is exactly what I saw via the web console and shared earlier.

            It's quite a breaking change for me - any chance you can look at it?

            potemkin_ai 1 Reply Last reply Reply Quote 0
            • potemkin_ai
              potemkin_ai @scooke last edited by

              @scooke thanks for the idea, but nope - I tried my script and cloudron button at the same time; POST request didn't even initiated certificates updates, as you can see in my logs earlier.

              1 Reply Last reply Reply Quote 1
              • potemkin_ai
                potemkin_ai @potemkin_ai last edited by

                @girish , really need help here

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @potemkin_ai last edited by girish

                  @potemkin_ai Looking back at the initial post, it seems that the query/curl is working fine. Cloudron will only renew the certs if they are expiring in a month. Calling /api/v1/cloudron/renew_certs does not mean that it will forcefully renew certs. It means "renew if needed". The logs are sparse because the certs were not expiring in a month, I am guessing, when you made the API call.

                  I can also confirm the 'checkCerts' in the log viewer is correct. Not sure where all this leaves us, does it answer your initial question?

                  1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @potemkin_ai last edited by

                    @potemkin_ai said in cloudron certs update API doesn't work:

                    --data '{"domain": "'$dns_host_name'"}'"

                    The above does not seem correct. There is an extra single quote around '$dns_host_name'. This will result in "domain": "'some.domain'". This will in turn make code filter by this domain name and the single quote will make it not renew anything. Maybe this is what you were hitting? You can actually just pass --data "{}" to try to renew everything. No need to pass any domain as such unless you want to restrict to a specific domain.

                    potemkin_ai 1 Reply Last reply Reply Quote 0
                    • potemkin_ai
                      potemkin_ai @girish last edited by

                      @girish thank you, the output is different now, so I hope that will work.

                      I took that API call from my forum request earlier, but I guess there was a misunderstanding the API call example was for the specific domain, not to update them all.

                      Thanks for your assistance!

                      1 Reply Last reply Reply Quote 1
                      • First post
                        Last post
                      Powered by NodeBB