Let's Encrypt Didn't seem to auto-renew

girish

@jordanurbs what problem are you facing exactly? Click on the renew all button and post the logs, please.

matix131997

Hello,

I also report a problem with the certificate having on the domain yyy.xxx.tld
I noticed that the problem is common in many browsers - Firefox, Chrome, Brave and Vivaldi on the computer - the error pops up, and on Edge there is no error. On mobile devices - there is an error on all browsers.

Feb 03 10:18:41 box:tasks update 15: {"percent":51,"message":"Ensuring certs of my.yyy.xxx.tld"}
Feb 03 10:18:41 box:reverseproxy providerMatchesSync: subject=CN = *.yyy.xxx.tld domain=*.yyy.xxx.tld issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963
Feb 03 10:18:41 box:reverseproxy needsRenewal: false. force: false
Feb 03 10:18:41 box:reverseproxy ensureCertificate: my.yyy.xxx.tld acme cert exists and is up to date

girish

@matix131997 have you tried domains -> renew all certs already?

matix131997

@girish Yes

girish

@matix131997 per the logs atleast, the certs are fine (from yesterday)

Feb 03 10:18:41 box:reverseproxy expiryDate: subject=CN = *.yyy.xxx.tld notBefore=Feb 2 16:20:50 2023 GMT notAfter=May 3 16:20:49 2023 GMT daysLeft=89.2931378587963

Have you tried clearing the browser cache? If you like, you can also send us the domain to support@cloudron.io and we can check on our end.

matix131997

@girish Yes these are the certificates issued yesterday, because I put the server back up last night to move the applications from the old server. It was fine with the certificate until this morning. At work, the certificate started failing. I did a certificate refresh several times, cleared the browser and tests on several office devices and the error continues to appear.

EDIT: Now I reinstalled Cloudron but with manual settings for the domain with a Polish provider and it works fine so far. The certificate generates and displays without error. We will see in a few hours.

matix131997

@girish
I seem to have found the cause. It is probably related to the API of the domain providers. I did a test with 3 providers.

Hetzner DNS - no problem
GoDaddy - problem
Manual (domeny.tv) - no problem

EDIT: Sorry for the edit. One more test I did I used the domain that is in GoDaddy, having my.yyy.xxx-xxx.tld for manual settings. An error appears with the certificate! I have a feeling it's a problem with GoDaddy DNS or by the "-" in the domain.

jdaviescoates

@matix131997 said in Let's Encrypt Didn't seem to auto-renew:

GoDaddy,

Sounds like yet another reason to avoid GoDaddy like the plague

henry000

In my case, my certificate failed because when Let's Encrypt was trying to confirm the TXT records with my domain manager, Digital Ocean, and for some reason, the TXT record content had double-quotes around them. So I had to login to Digital Ocean, find the TXT record, and updated it by removing the double-quotes at start and end.

I found out this by logging into my Cloudron dashboard - which is expired - using a browser that allowed me to do that. Once I logged in to the dashboard, I renewed the certificate manually. While it was failing (due to extra double-quotes), I opened the log and inspected it, and was able to see that the double-quotes were causing the issue.

girish

@henry000 the problem is already fixed in 7.6. Are you on Cloudron 7.6 ?