Let's Encrypt Didn't seem to auto-renew
-
I can confirm the issue. Certificates of other domains added to Cloudron aren't renewed. Primary domain seems to be renewed.
Some certs are due in 4 days. Good thing I had alerts enabled so I got notified.
Domain provider is Wildcard. Both domain.tld and *.domain.tld point to the cloudron (since last 1-2 years).
Renew all Certs shows "Configuring apps .. or something" and the progress bar disappears.
- "Show Logs" shows empty window.
- Download full logs -> 1 byte empty file
-
Also having this issue for several domains on my cloudron.
Manually renewing all certs, restarting apps, deleting browser cookies, nothing is fixing it.
My cloudron is on Ubuntu 20
-
@girish I know updates are rolled out alphabetically but is it based on the installed subdomain (ex: rambo.domain.com) or the bare domain?
-
@humptydumpty iirc, it's on the primary domain i.e installed subdomain.
-
@jdaviescoates yes, that's the primary domain in cloudron terminology
-
@jordanurbs what problem are you facing exactly? Click on the renew all button and post the logs, please.
-
Hello,
I am also reporting a problem with the certificate on the domain yyy.xxx.tld
I noticed that the problem is common to many browsers - in Firefox, Chrome, Brave and Vivaldi on the computer the error pops up, and in Edge there is no error. On mobile devices there is an error in all browsers.
Feb 03 10:18:41 box:tasks update 15: {"percent":51,"message":"Ensuring certs of my.yyy.xxx.tld"}
Feb 03 10:18:41 box:reverseproxy providerMatchesSync: subject=CN = *.yyy.xxx.tld domain=*.yyy.xxx.tld issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Feb 03 10:18:41 box:reverseproxy needsRenewal: false. force: false
Feb 03 10:18:41 box:reverseproxy ensureCertificate: my.yyy.xxx.tld acme cert exists and is up to date
-
@matix131997 have you tried domains -> renew all certs already?
-
@matix131997 per the logs at least, the certs are fine (from yesterday)
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Have you tried clearing the browser cache? If you like, you can also send us the domain to support@cloudron.io and we can check on our end.
-
@girish Yes, these are the certificates issued yesterday, because I put the server back up last night to move the applications from the old server. It was fine with the certificate until this morning. At work, the certificate started failing. I did a certificate refresh several times, cleared the browser and tested on several office devices, and the error continues to appear.
EDIT: Now I reinstalled Cloudron but with manual settings for the domain with a Polish provider and it works fine so far. The certificate generates and displays without error. We will see in a few hours.
-
@girish
I seem to have found the cause. It is probably related to the API of the domain providers. I did a test with 3 providers.
Hetzner DNS - no problem
GoDaddy - problem
Manual (domeny.tv) - no problem
EDIT: Sorry for the edit. One more test I did: I used the domain that is in GoDaddy, having my.yyy.xxx-xxx.tld for manual settings. An error appears with the certificate! I have a feeling it's a problem with GoDaddy DNS or with the "-" in the domain.
-
@matix131997 said in Let's Encrypt Didn't seem to auto-renew:
GoDaddy,
Sounds like yet another reason to avoid GoDaddy like the plague
-
In my case, my certificate failed because, when Let's Encrypt was trying to confirm the TXT records with my domain manager, Digital Ocean, the TXT record content for some reason had double-quotes around it. So I had to log in to Digital Ocean, find the TXT record, and update it by removing the double-quotes at the start and end.
I found this out by logging into my Cloudron dashboard - which was expired - using a browser that allowed me to do that. Once I logged in to the dashboard, I renewed the certificate manually. While it was failing (due to the extra double-quotes), I opened the log and inspected it, and was able to see that the double-quotes were causing the issue.
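A check for the quoted-TXT failure described in the last post, as an added example that is not part of the thread and not Cloudron's code. It decodes TXT rdata in DNS presentation format (the form `dig` prints, where every value is shown inside quotes) and compares it with the DNS-01 value from RFC 8555, so quotes that are part of the stored content can be told apart from display quotes. The function names and the sample key authorization are assumptions made for illustration.

```python
import base64
import hashlib
import re

def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# One quoted character-string in DNS presentation format, as `dig TXT` prints it.
_CHAR_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')

def _unescape(s: str) -> str:
    # \DDD is a decimal byte value; any other \X stands for X itself.
    return re.sub(r"\\(\d{3}|.)",
                  lambda m: chr(int(m[1])) if len(m[1]) == 3 else m[1], s)

def txt_rdata_to_value(rdata: str) -> str:
    """Return the value stored in the record: strings unescaped and joined."""
    return "".join(_unescape(m[1]) for m in _CHAR_STRING.finditer(rdata))

def classify(expected: str, rdata: str) -> str:
    value = txt_rdata_to_value(rdata)
    if value == expected:
        return "ok"
    if value.strip().strip('"') == expected:
        return "literal-quotes"   # the quotes are part of the stored content
    return "mismatch"

if __name__ == "__main__":
    # Constructed key authorization (token.thumbprint), not from a real order.
    expected = dns01_txt_value("constructed-token.constructed-thumbprint")
    samples = {
        "normal": f'"{expected}"',
        "quoted in provider UI": f'"\\"{expected}\\""',
        "stale": '"some-older-challenge-value"',
    }
    for label, rdata in samples.items():
        print(f"{label:24} {rdata[:20]}... -> {classify(expected, rdata)}")
```

A record that classifies as `literal-quotes` shows up in `dig` output with escaped inner quotes (`"\"...\""`), which is the visible sign that the provider stored the quotes as content.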