When renewing certificates, IPv6 queried despite being disabled

@girish IPv6 is enabled on the server but not "in use", since some domains that are added manually don't have v6 and I don't want to run into troubles. Those are mostly Hetzner Cloud servers.

@girish exactly, it's disabled in the network view, but still tries to provision. Turns out it's not superbad, apparently it takes one minute per domain until it times out. I just had the case that I had a LAMP with a primary domain & redirect domain and a secondary domain (both apex and www) also as redirects, which nedeed to be split. So I had two minutes of downtime while removing the secondary domain and another 2 minutes of setup-time for the secondary domain on a new LAMP. However, if you have more than one redirect and change anything, that downtime grows quite quickly.

Jun 30 18:10:14 box:dns/waitfordns waitForDns: waiting for example.com to be 123.123.123.123 in zone example.com
Jun 30 18:10:14 box:dns/waitfordns waitForDns: nameservers are ["fred.ns.cloudflare.com","carol.ns.cloudflare.com"]
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 108.162.193.113
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 172.64.33.113
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (108.162.193.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (172.64.33.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 173.245.59.113
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (173.245.59.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 2a06:98c1:50::ac40:2171
Jun 30 18:10:19 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2a06:98c1:50::ac40:2171
Jun 30 18:10:25 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (2a06:98c1:50::ac40:2171) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:25 box:dns/waitfordns resolveIp: Checking A for example.com at 1234:5678:58::adf5:3b71
Jun 30 18:10:30 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 1234:5678:58::adf5:3b71
Jun 30 18:10:35 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (1234:5678:58::adf5:3b71) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:35 box:dns/waitfordns resolveIp: Checking A for example.com at 2803:f800:50::6ca2:c171
Jun 30 18:10:40 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2803:f800:50::6ca2:c171
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (2803:f800:50::6ca2:c171) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:45 box:dns/waitfordns waitForDns: example.com at ns fred.ns.cloudflare.com: done
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 108.162.192.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (108.162.192.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 173.245.58.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (173.245.58.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 172.64.32.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (172.64.32.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 2803:f800:50::6ca2:c050
Jun 30 18:10:50 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2803:f800:50::6ca2:c050
Jun 30 18:10:55 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (2803:f800:50::6ca2:c050) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:55 box:dns/waitfordns resolveIp: Checking A for example.com at 1234:5678:50::adf5:3a50
Jun 30 18:11:00 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 1234:5678:50::adf5:3a50
Jun 30 18:11:05 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (1234:5678:50::adf5:3a50) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:11:05 box:dns/waitfordns resolveIp: Checking A for example.com at 2a06:98c1:50::ac40:2050
Jun 30 18:11:10 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2a06:98c1:50::ac40:2050
Jun 30 18:11:15 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (2a06:98c1:50::ac40:2050) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:11:15 box:dns/waitfordns waitForDns: example.com at ns carol.ns.cloudflare.com: done
Jun 30 18:11:15 box:dns/waitfordns waitForDns: example.com has propagated

@girish piggybacking on that (also not a 100% sure if I or someone else asked that already): Why is it that letsencrypt is trying to get both, ipv4 and ipv6, in order to provision a certificate, even though ipv6 is disabled in Cloudron? Every time I change something with a location setting, it takes 2 minutes per (sub)domain to check, because ipv6 isn't set up and always fails.

@canadaduane cool, but it seems it's not yet available to the public

@shrey how does it work with SMTP2GO? You add a single account/address as external smtp server and can still send from all email addresses via this one?

My issue is resolved, adding a --allow-other parameter to the mount solved it, thanks @girish and @joseph

@joseph happy to, can you maybe enable chat so we can do that 1:1?

@joseph sure:

/mnt# node -e "console.log(fs.realpathSync('/mnt/media'))"
/mnt/media

Can only speak for my issue, not a symlink:

/mnt# ls -la
total 12
drwxr-xr-x  4 root root 4096 Jun  9 09:21 .
drwxr-xr-x 23 root root 4096 Dec 17 11:10 ..
drwxr-xr-x  1 root root    0 Jun  9 09:22 media
drwxr-xr-x  2 root root 4096 Dec 17 11:31 volumes

Your command doesn't fail, but doesn't give any output either.

Also getting that message, but on a different use-case. I'm trying to add a (sftp) rclone mount to Cloudron. Mounting and browsing works fine, but when trying to add it as a volume, it says hostPath must be a realpath without symlinks. Is that not supported?

You could just switch to "Manual" provider in the domain settings, that should do it.

Just chiming in here because I ran into a CORS error as well. Solution was not a missing env var, it was activating the workflow - because without that, the URL didn't exist yet and threw the various errors.

I packaged 3proxy a long time ago. It was working fine, but I eventually didn't need it anymore, so it has been unmaintained. It might need some love since many things changed in Cloudron (probably a better way to do healthchecks), but it will likely be easy to update to the latest version and make it work. It could do both, http and socks5: https://git.cloudron.io/msbt/3proxy-app

For me this happens because of the long names of external mounted volumes, they make the container grow so wide that it doesn't fit next to the graphs container. I mentioned it once in a chat with @nebulon but I guess it didn't make the todolist

If you plan to use them for Cloudron, the pitfall might be LXC/LXD. I'm guessing Cloudron doesn't run on that environment.

Yap, sounds like a job for the LAMP app

@nebulon can you also test it it multiple domains? I remember having issues with that a while back

@andreasdueren nice, happy to give it a try, which version did you pack?

A standalone, fully customizable PostgreSQL would be nice indeed, I have a use-case where the timescaledb extension is required, has anyone tried that before?

@potemkin_ai said in Authorization via temporary password (numbers) on e-mail:

@msbt , can I easily replace Cloudron's auth with Keycloak, keeping all other applications running, without my intervention?

I wasn't sure whether that was for Cloudron or some external app, since it was initially posted in "Discuss". Unsure if you could make it your primary thing for auth with Cloudron, my experience with it is rather minimal, just mentioned it because it crossed my desk the other day