Let's Encrypt Didn't seem to auto-renew
-
Hi Everyone ---
I received an automated email on Jan 6 telling me to renew my Let's Encrypt certificate. I ignored it because it has always auto-renewed. It didn't. And, on the 13th, I found myself unable to connect to Cloudron/Apps. I don't know what to do from here. Any idea why it didn't auto-renew and what I can do to move forward?
Thanks very much!
-
Take a look at the documentation first.
You should be able to use the dashboard with the fallback cert and hit the button for manual renewal.
-
I ran into the same thing today and noticed some of my apps had an expired cert. I just had to go to each app's settings page > Location > Save. That did it for me.
-
I had a similar issue: the certificate was actually renewed (as evidenced by crt.sh), but the old one expired today, causing certificate errors on my website.
Restarting the app fixed that, but that should happen automatically after renewal, I think.
In case it matters, I was using the Surfer app (io.cloudron.surfer@5.17.8), on Cloudron v7.3.4 (Ubuntu 18.04.4 LTS)
-
I had the same issue had to restart cloudtron (incognito mode works to get you in). Then restart the apps
-
Wouldn't you know it, I also had a similar issue recently - went to an app and suddenly it wouldn't load. A bunch of others too. I didn't know the trick that @humptydumpty shared, so I just pressed the button on the main Domain tab on the Dashboard to renew ALL the certs, and suddenly more weren't loading. I checked the logs, and I had a domain in there that didn't have an AAAA record, and was thus stalling ALL the renewals. The thing is, I'm certain many of the other domains also don't have an AAAA record. Maybe because the one in question is an IDN? Anyways, I figured out the IPv6 address and made a new AAAA record, and voila! Everything is back to normal.
-
@staff
@nebulon you remember? I had the same issue with multiple Cloudron servers.Okay, check if your Cloudron is still running Ubuntu 18.X.
If so check thebox.service
for errors, if there is an error with the note of:Jan 09 17:15:00 ubuntu-2gb-fsn1-2 systemd[1]: Reload failed for Cloudron Admin. Jan 09 17:15:03 ubuntu-2gb-fsn1-2 sudo[30793]: pam_unix(sudo:session): session opened for user root by (uid=0) Jan 09 17:15:04 ubuntu-2gb-fsn1-2 systemd[1]: Reloading Cloudron Admin. Jan 09 17:15:04 ubuntu-2gb-fsn1-2 sudo[30793]: pam_unix(sudo:session): session closed for user root Jan 09 17:15:09 ubuntu-2gb-fsn1-2 systemd[30858]: box.service: Failed to execute command: No such file or directory Jan 09 17:15:09 ubuntu-2gb-fsn1-2 systemd[30858]: box.service: Failed at step EXEC spawning /usr/bin/kill: No such file or directory Jan 09 17:15:09 ubuntu-2gb-fsn1-2 systemd[1]: box.service: Control process exited, code=exited status=203 Jan 09 17:15:09 ubuntu-2gb-fsn1-2 systemd[1]: Reload failed for Cloudron Admin.
On Ubuntu 18 it seems there is no
/usr/bin/kill
just/bin/kill
then also check your/home/yellowtent/platformdata/CRON_SEED
The firstint
is the hour of the day.
Mine was16:8
with the 1 hour diff of wrong timezone this matched up to the box crash.Also please check if the renew log has anything inside, for me it was total empty.
So to everyone having this issue, please report if you are using Ubuntu 18 and if so your
box.service
has the same error. -
@BrutalBirdie right that
kill
fix will be part only for next release, however we have by now also seen Cloudrons on Ubuntu 20 hitting a cert renew or reload issue. So its only part of the fix it seems. -
Iām on v7.3.4 (Ubuntu 22.04.1 LTS), contabo vps, automated cloudflare dns w/ no proxying enabled.
-
If anyone with this situation, can contact us on support@cloudron.io, I think we debug this further. I check around 20 servers we have access to but they seem to updating the certs just fine. Maybe some specific cert provider is having issues.
-
@jdaviescoates that's a good pivoting data point @jdaviescoates , mine is a wildcard setup too. Likely something specific to that branch of code..
-
-
I can confirm the issue. Certificate of other domains added to Cloudron aren't renewed. Primary domain seems to be renewed.
Some certs are due 4 days. Good thing I had alerts enabled so I got notified.
Domain provider is Wildcard. Both domain.tld and *.domain.tld point to the cloudron (since last 1-2 years).
Renew all Certs shows "Configuring apps .. or something" and the progressbar disappears.
- "Show Logs" shows empty window.
- Download full logs -> 1 byte empty file
-