ERR_TLS_CERT_ALTNAME_INVALID again?

@joseph Thank you for your quick help and response!

Yes, it does.

Hi there,

I found the following messages in my mail log:

Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] hook=queue plugin=cloudron function=queue_inbound params="" retval=OK msg="Message Queued (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1)"
Jan 27 13:26:26 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] queue code=OK msg="Message Queued (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1) (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1)"
Jan 27 13:26:26 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] disconnect ip=XX.XX.XX.XX rdns=XXX.de helo=XXX.de relay=N early=N esmtp=Y tls=Y pipe=Y errors=0 txns=1 rcpts=1/0/0 msgs=1/0/0 bytes=135775 lr="" time=6.721
Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] hook=get_mx plugin=cloudron function=get_mx params=ONEOFMYDOMAINS.COM retval=OK msg="{\"priority\":0,\"exchange\":\"127.0.0.1\",\"port\":2424,\"using_lmtp\":true}"
Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] secured verified=false cipher=TLS_AES_256_GCM_SHA384 version=TLSv1.3 error=ERR_TLS_CERT_ALTNAME_INVALID cn=*.CLOUDRONDOMAIN.DE organization="" issuer="Let's Encrypt" expires="Mar 21 12:12:23 2026 GMT" fingerprint=E9:3A:8F:4E:01:XXXXXXXXX:05:F0:C4:59:7B:12:36
Jan 27 13:26:27 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] delivered file=1769516786845_1769516786845_0_66_zECH7t_77_0c956581fbfa domain=ONEOFMYDOMAINS.COM host=127.0.0.1 ip=127.0.0.1 port=2424 mode=LMTP tls=Y auth=N response="<SOMEONE@ONEOFMYDOMAINS.COM> iElcNfKueGnACQAAlsLRwg Saved" delay=0.174 fails=0 rcpts=1/0/0

My concerns are regarding Error ERR_TLS_CERT_ALTNAME_INVALID

cloudron-support --troubleshoot shows

root@cloudron-server:~# cloudron-support --troubleshoot
Vendor: Hetzner Product: vServer
Linux: 6.8.0-90-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: Intel Xeon Processor (Skylake, IBRS, no TSX)
BIOS NotSpecified  CPU @ 2.0GHz x 8
RAM: 15988572KB
Disk: /dev/sda1       118G
[OK]	node version is correct
[OK]	IPv6 is enabled and public IPv6 address is working
[OK]	docker is running
[OK]	docker version is correct
[OK]	MySQL is running
[OK]	netplan is good
[OK]	DNS is resolving via systemd-resolved
[OK]	unbound is running
[OK]	nginx is running
[OK]	dashboard cert is valid
[OK]	dashboard is reachable via loopback
[OK]	No pending database migrations
[OK]	Service 'mysql' is running and healthy
[OK]	Service 'postgresql' is running and healthy
[OK]	Service 'mongodb' is running and healthy
[OK]	Service 'mail' is running and healthy
[OK]	Service 'graphite' is running and healthy
[OK]	Service 'sftp' is running and healthy
[OK]	box v9.0.17 is running
[OK]	Dashboard is reachable via domain name
[WARN]	Domain CLOUDRONDOMAIN.DE expiry check skipped because whois does not have this information

I found a very old Thread about this where claimed that it has been fixed.

Is there anything to worry about or fix?

Yes, it is set to false.
Maybe I was tricked because I had one Domain whitelisted. I don't remember if the "Register"-Link was always there. Would love to hide it.

It seems, that the disabled registration does work. Sorry for alerting...

@timconsidine thanks for checking. My install is also "older"... Is the registration link visible or invisible in your instance?

Hello,

is it just me or is there something wrong with the Vaultwarden App. I have disabled new registrations. Today after the update I realized, that there is a register link on the login page (now?). I tried to register and was successfull. Can someone confirm that registration is disabled and works as expected on their instance?

Best,
Michael

@timconsidine Yes, I did, and also did restart the App.

Hm, instead of <yourappname.domain.tld> it should be the App Id, right?
However, it failed with error that the Manifest is missing...
I uninstalled and installed the CCAI-P App again on my cloudron, but now it fails when trying to install ClouDNS Steward with this error (in fact already after Login):

Verification failed (code 1): (node:67) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
 (Use `node --trace-warnings ...` to show where the warning was created)
 Failed to list apps: Invalid token. Use cloudron login again.

I tried to install it with my private Cloudron CCAI instance, but I get this error:

[14:24:59] Repository URL provided: https://git.cloudron.io/timconsidine/cloudron-cloudns-steward
[14:24:59] Server will auto-detect default branch and construct manifest URL
[14:24:59] Starting installation process...
[14:24:59] Installation started. Streaming logs...
[14:24:59] ERROR: Failed to check installation status: The string did not match the expected pattern.

What string is it that I have to check?

@timconsidine looks like you are 100% in a flow of productivity

I like both options!

@timconsidine I tried the demo and like it, but to make it even better (not at least in comparision with Nextcloud) it should have full text search. Not sure if that is doable?

@james Thank you for clarifying

Is there anything to do to migrate from "local" linkding users to Cloudron Users?

@archos No issues on my Cloudron after updating Vaultwarden.

The Cloudron App Proxy cannot be told to “use” a specific route or VPN interface. It simply proxies traffic from the Cloudron server to a reachable IP:port. As long as the Cloudron host itself can reach that target, the proxy will work – otherwise not.

So the question is not about the App Proxy, but about routing on the Cloudron server.

I did use a reverse approach. Run a reverse ssh tunnel with port forwarding from home → Cloudron and expose the service on localhost or a private IP on the Cloudron host. The App Proxy then points to that local endpoint.

@scooke what are your concerns with Taobao Mirror?

@timconsidine No, I didn't. I installed it locally for testing, but no time to continue

Not sure if that already has been reported, but if I click on the refresh icon in the email event log page. the logs jump 2 hours back in time instead of refreshing to the current time.