Let's Encrypt Didn't seem to auto-renew

nebulon

@BrutalBirdie right that kill fix will be part only for next release, however we have by now also seen Cloudrons on Ubuntu 20 hitting a cert renew or reload issue. So its only part of the fix it seems.

humptydumpty

I’m on v7.3.4 (Ubuntu 22.04.1 LTS), contabo vps, automated cloudflare dns w/ no proxying enabled.

girish

If anyone with this situation, can contact us on support@cloudron.io, I think we debug this further. I check around 20 servers we have access to but they seem to updating the certs just fine. Maybe some specific cert provider is having issues.

jdaviescoates

@girish fyi I hit this recently for a Wildcard DNS on 18.04. The Gandi API ones on the same server seemed to update fine.

robi

@jdaviescoates that's a good pivoting data point @jdaviescoates , mine is a wildcard setup too. Likely something specific to that branch of code..

jdaviescoates

@robi I thought so too, but this has just happened to me on one of my Gandi LiveDNS domains on a Cloudron running on Ubuntu 20.04 too

jagan

@girish Had this issue too. Will drop a mail later today.

nj

I can confirm the issue. Certificate of other domains added to Cloudron aren't renewed. Primary domain seems to be renewed.

Some certs are due 4 days. Good thing I had alerts enabled so I got notified.

Domain provider is Wildcard. Both domain.tld and *.domain.tld point to the cloudron (since last 1-2 years).

Renew all Certs shows "Configuring apps .. or something" and the progressbar disappears.

• "Show Logs" shows empty window.
• Download full logs -> 1 byte empty file

girish

@nj the logs thing is fixed in 7.3.5. Can you update and check?

But there is still the underlying problem of certs not renewing sometimes with 7.3.

jordanurbs

Also having this issue for several domains on my cloudron.

Manually renewing all certs, restarting apps, deleting browser cookies, nothing is fixing it.

My cloudron is on Ubuntu 20

girish

Wanted to update this thread. We found the issue, we will make a release with a fix (7.3.6) asap.

jaschaezra

@girish Thank you! I just came to report the same issue and was delighted that already had been taking care of! Great work!

girish

7.3.6 is out now which should fix this, rolling out slowly.

humptydumpty

@girish I know updates are rolled out alphabetically but is it based on the installed subdomain (ex: rambo.domain.com) or the bare domain?

girish

@humptydumpty iirc, it's on the primary domain i.e installed subdomain.

jdaviescoates

@girish that isn't very clear!

I think it's surely based on the domain name used for my.domain.tld, no?

i.e.

my.aaaaa.tld gets updated before
my.bbbbb.tld
....
my.zzzzz.tld

That's been my experience anyway.

girish

@jdaviescoates yes, that's the primary domain in cloudron terminology

jordanurbs

@girish I've still got problems after updating.

I'm assuming a manual certificate is my only option from here

girish

@jordanurbs what problem are you facing exactly? Click on the renew all button and post the logs, please.

matix131997

Hello,

I also report a problem with the certificate having on the domain yyy.xxx.tld
I noticed that the problem is common in many browsers - Firefox, Chrome, Brave and Vivaldi on the computer - the error pops up, and on Edge there is no error. On mobile devices - there is an error on all browsers.

Feb 03 10:18:41 box:tasks update 15: {"percent":51,"message":"Ensuring certs of my.yyy.xxx.tld"}
Feb 03 10:18:41 box:reverseproxy providerMatchesSync: subject=CN = *.yyy.xxx.tld domain=*.yyy.xxx.tld issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Feb 03 10:18:41 box:reverseproxy needsRenewal: false. force: false
Feb 03 10:18:41 box:reverseproxy ensureCertificate: my.yyy.xxx.tld acme cert exists and is up to date