[SOLVED] Impossible to renew SSL certificate
When I try to open certificate details I see the expiration date ("Expire le" in French) is yesterday...
PS: I upgraded my server dependencies to latest
I tried to upgrade to Appwrite 1.3.8, then relaunch the server.
What version were you on before upgrade? And did you run the migrate command after upgrading?
When I force refresh to my website I see this window... with the error "NET::ERR_CERT_DATE_INVALID"
So you're not seeing the connection reset error anymore?
When I try to open certificate details I see the expiration date ("Expire le" in French) is yesterday
This error/warning page is expected if you don't have a valid certificate
What version were you on before upgrade? And did you run the migrate command after upgrading? I was on 1.3.7, yes I did a migration, and see no error
So you're not seeing the connection reset error anymore? No only
NET::ERR_CERT_DATE_INVALIDπ
This error/warning page is expected if you don't have a valid certificate Hum yeah, it seems regeneration of certificate failed...
could you please DM me your domain?
can you check this file in the certificate container?
/var/log/letsencrypt/letsencrypt.log
βΉοΈ New update βΉοΈ
I tried to run ssl certificate generation manually using
docker-compose exec appwrite ssl
Here is the logs after:
appwrite-worker-certificates | Appwrite certificates worker v1 has started
appwrite-worker-certificates | [notice] Starting worker 2dfbbfa38cc2:7:v1-certificates
appwrite-worker-certificates | [notice] Starting work on (Job{v1-certificates} | ID: 31b34d2ca3ea945502f8eda5fc35a769 | CertificatesV1 | [{"project":null,"domain":{"domain":"my-domain.com"},"skipRenewCheck":true}])
appwrite-worker-certificates | Cannot renew domain (my-domain.com) on attempt no. 7 certificate: Failed to issue a certificate with message: Saving debug log to /var/log/letsencrypt/letsencrypt.log
appwrite-worker-certificates | Some challenges have failed.
appwrite-worker-certificates | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
appwrite-worker-certificates |
appwrite-worker-certificates | [notice] (Job{v1-certificates} | ID: 31b34d2ca3ea945502f8eda5fc35a769 | CertificatesV1 | [{"project":null,"domain":{"domain":"my-domain.com"},"skipRenewCheck":true}]) has finished
Hum how I can access it ? It is under the Docker volume ?
nvm. the error is there in the logs you showed:
appwrite-worker-certificates | Some challenges have failed.
you're replacing your actual domain from these logs right? these aren't the exact logs?
Yes !
anything in the appwrite logs?
do you happen to have access logs enabled on traefik?
What do you mean, you mean logs inside the docker container appwrite-traefik ?
If yes, I see nothing at all inside ...
Ok so I think this is this log you need π
docker-compose logs appwrite
Results:
appwrite | Worker 2 started successfully
appwrite | Worker 1 started successfully
appwrite | Worker 3 started successfully
appwrite | Worker 6 started successfully
appwrite | Worker 4 started successfully
appwrite | Worker 5 started successfully
appwrite | Worker 7 started successfully
appwrite | Worker 8 started successfully
appwrite | Worker 9 started successfully
appwrite | Worker 10 started successfully
appwrite | Worker 11 started successfully
appwrite | Worker 12 started successfully
appwrite | [Setup] - Server database init started...
appwrite | [Setup] - Creating database: appwrite...
appwrite | [Setup] - Server database init completed...
appwrite | Server started successfully (max payload is 6,291,456 bytes)
appwrite | Master pid 1, manager pid 7
appwrite | Skipping SSL certificates generation on ACME challenge.
appwrite | Skipping SSL certificates generation on ACME challenge.
appwrite | Skipping SSL certificates generation on ACME challenge.
so it does look like appwrite is receiving the acme challenge...
ok anything new in the certificates and appwrite logs?
yes, but, by default, the access logs are disabled so there owuldn't be much in the logs
weird....i wonder if hetzner has some block on letsencrypt π§
Strange it worked fine 1 week ago ...
Do you use zen or rbl or any sort of firewall or IP filtering?
Letsencrypt could have been blocked between the time your certificate was last generated and it expired
Nothing at all :/ I checked on Hetzner and I have no Firewalls...
[SOLVED] Impossible to renew SSL certificate
