Hey, I'm looking for API to specify a custom wildcard SSL certificate for the whole domain - something, I can currently do via dashboard only.
Cloudron currently offers per app APIs, but not for the domain.
P
potemkin_ai
@potemkin_ai
Posts
-
API for SSL certificate per domain -
Why ExtraHosts in Docker pushed as `172.18.0.1`?Yeah, I know what that IP is
WAF -> nginx -> cloudron apps
So, if WAF manages the SSL, connection to nginx will fail
-
API for SSL certificate per domainI did some reverse engineering - here is the bash, for anyone curious:
DOMAIN="mysuper-domain.com" TOKEN="bla-bla" #cloudron's token cd /var/db/acme/certs/*.${DOMAIN}_ecc CERT=$(awk 'NF {printf "%s\\n", $0}' fullchain.cer) KEY=$(awk 'NF {printf "%s\\n", $0}' "*.${DOMAIN}.key") curl -X POST "https://my.${DOMAIN}/api/v1/domains/${DOMAIN}/config" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "{ \"zoneName\": \"${DOMAIN}\", \"provider\": \"manual\", \"config\": {}, \"tlsConfig\": { \"provider\": \"fallback\" }, \"fallbackCertificate\": { \"cert\": \"${CERT}\", \"key\": \"${KEY}\" } }"verify with
openssl s_client -showcerts -connect IP:443 -servername my.${DOMAIN}.net| less -
API for SSL certificate per domainI believe the API is actually there (as I can change the certificate via the Dashboard), but it's not documented? If so - could you possibly share the correct structure, please?
-
API for SSL certificate per domainCloudron currently allows to manage SSL certificates per app, but not per domain - could you please, implement that endpoint as well, please?
As Wildcard domains are now becoming a shorter period of life, manual management is quite troublesome.
-
Why ExtraHosts in Docker pushed as `172.18.0.1`?or, could you just make it optional?
In my specific case I just commented out the string to let the apps running.
-
Why ExtraHosts in Docker pushed as `172.18.0.1`?if (manifest.id !== 'com.adguard.home.cloudronapp') containerOptions.HostConfig.ExtraHosts.push(`${dashboardFqdn}:172.18.0.1`);in docker.js:698 you have the code from below - I understand you are trying to work around the cases, when my.domain.com is defined via /etc/hosts to be something weird.
But why don't you push the public IP address?
In my specific case, Cloudron is behind a kind of WAF and that WAF is taking care on the SSL certificates, so any connections to
172.18.0.1are just failing due to SSL issues (and Synapse, for example, can't start due to OIDC issue).And a question/ask: can you change that to the Cloudron IP please? It shouldn't be difficult, as you it as a variable already.
-
Backup is failing for UpTime Kuma on 9.0.15Thanks!!
-
Automated server reboot@inibudi , it is; but I've optimized it down to a single crontab entry:
crontab -l 48 2 * * * /bin/sh -c '[ -f /var/run/reboot-required ] && sudo shutdown -r now' -
Can't connect to NextCloud consoleI do have a subscription. Just yesterday I've figured out the problem is with HTTP 2 protocol that is failing on the hand-over; disabling it on the proxy and leaving with HTTP 1.1 works just fine, as the protocol do the fallback from H2 to WebSocket over HTTP 1.1, which works just fine.
-
Can't connect to NextCloud consoleyou should have mentioned earlier
@james I wish I was aware that it is the problem!
The whole cloudron is behind a haproxy that does TCP level proxy. From my understanding it should not affect, as it's one level below the HTTP(S) and WebSocket is above HTTPS.
And the console doesn't seem to work for all apps terminals.
Any ideas how to narrow down the root cause?
-
Backup is failing for UpTime Kuma on 9.0.15@nebulon thank you. And yes - I understand why the work-around required. If you don't mind sharing the source code to read the logic exactly?
I've been wondering on the best way to achieve that, but never seen any good practical approach - would love to see how you are approaching that, without a container shutdown, if you don't mind sharing of course.
If that's too complicated - never mind and please, feel free to close the issue - the question now is purely to satisfy my curiosity.
-
Backup is failing for UpTime Kuma on 9.0.15Thank you, that fixed the issue.
There been no logs in the container.Any ideas what is the nature of the sqlite container for uptime kuma? I've been under impression that sqlite requires no server side...
-
Can't connect to NextCloud consoleHello, @james . Thanks!
For anyone wondering of the same - the best way is the following commands - from any other computer, then the server.
npx cloudron login my.precious.com npx cloudron list npx cloudron exec --app $id--tty(no need to install anything globally)
Nothing at the box.log, I'm getting the following error from the cli:
npx cloudron exec --app e085a31f-7f7f-40ff-ae95-056766d2781d --tty Could not upgrade connection to tcp. http status: 502And here is the nginx log entries:
IP - - [21/Jan/2026:14:18:03 +0000] "GET /api/v1/apps/e085a31f-7f7f-40ff-ae95-056766d2781d HTTP/2.0" 200 7965 "-" "-" IP - - [21/Jan/2026:14:18:03 +0000] "POST /api/v1/apps/e085a31f-7f7f-40ff-ae95-056766d2781d/exec HTTP/2.0" 200 78 "-" "-"The Cloudron is behind a proxy, but I can't see any WebSocket related restrictions.
-
Backup is failing for UpTime Kuma on 9.0.15@nebulon there seems to be none of the dead ones:
ubuntu@cloudron:~$ sudo docker ps -a | grep sqlite | wc -l 1 ubuntu@cloudron:~$ sudo docker ps -a | grep sqlite bbb52ef9e686 cloudron/louislam.uptimekuma.app:202511081423470000 "sqlite3 /app/data/d…" 2 weeks ago Created sqlite-be0be218-57bf-427b-abb6-b7660943eaf6There are not that much non-running containers - only 2 nextcloud workers with
exit(0)and another service, that I have stopped explicitely. -
Can't connect to NextCloud console@nebulon will do, thanks.
Could you please, tell me - what
cloudron execdoes? Never used it - only using WebUI and ssh command lines on the server, in those rare cases, when got to check something. -
Can't connect to NextCloud consoleand that is happening not only for NextCloud actually, I just didn't notice!
-
Can't connect to NextCloud console@nebulon I do:
terminal-c5ikyfn6.js:6307 WebSocket connection to 'wss://my.server.com/api/v1/apps/e075a2fe-7f7f-40ff-ae12-056766d2780d/exec/d7f60f4a9d5d72e7ced6aaf3d0f035fbe98c397f37690fe99ddcba72b0539d97/startws?tty=true&rows=25&columns=183&access_token=a8uNp2OOgZpy_00xcyYa3gKGGAb8SQGO0B6-Tydok3k' failed: connect @ terminal-c5ikyfn6.js:6307 terminal-c5ikyfn6.js:6322 Socket error. Reconnecting... Event {isTrusted: true, type: 'error', target: WebSocket, currentTarget: WebSocket, eventPhase: 2, …} terminal-c5ikyfn6.js:6317 Socket closed. Reconnecting... -
Backup is failing for UpTime Kuma on 9.0.15Yep - it does.
Stop & start didn't help, unfortunately. -
Can't connect to NextCloud consoleHey, James. Quite a while ago. Don't you want to figure out the root cause?
I can and certainly will reboot the server one day.