[Bug] Renewing SSL certificate is not automatic anymore

Hello all, It will be the second time I need to renew my SSL certificate manually. I don't understand why It's not done automatically. Here is how I proceed to renew it:

• Connect over SSH
• Run the command docker compose exec appwrite ssl
• Restart my server docker compose down && docker compose up -d

Here is the logs of the command docker compose logs appwrite-worker-certificates

appwrite-worker-certificates  | [Worker] Worker 0 is ready!
appwrite-worker-certificates  | Worker certificates  started
appwrite-worker-certificates  | [Job] Received Job (67980bccddbdb6.60828320).
appwrite-worker-certificates  | Cannot renew domain (my.app.com) on attempt no. 3 certificate: Renew isn't required.
appwrite-worker-certificates  | [Job] (67980bccddbdb6.60828320) failed to run.
appwrite-worker-certificates  | [Job] (67980bccddbdb6.60828320) Renew isn't required.
appwrite-worker-certificates  | Using deprecated logging configuration. Please update your configuration to use DSN format.Unable to parse DSN: scheme is required
appwrite-worker-certificates  | [Error] Type: Exception
appwrite-worker-certificates  | [Error] Message: Renew isn't required.
appwrite-worker-certificates  | [Error] File: /usr/src/code/src/Appwrite/Platform/Workers/Certificates.php
appwrite-worker-certificates  | [Error] Line: 152

So my question is why the renew is not done automatically and I need to wait to the expiration date to renew it? Thanks :appwritepeepo:

Hello, any news about it? Thanks 🙏

Bump :appwriteupvote:

Renew should be done automatically as far as I know

Thanks for your answer, but it's not working anymore and I don't know why, do you have any clues?

Do you have cloudflare in front or something similar?

I think that error is thrown because the certificate is valid

I think ssl still valid on the error log or there is wrong config in DNS

No, nothing like that

Yes, when I manually run the command ssl it will detect that the SSL certificate is still valid (normal).

But this is the second time my server got an SSL invalid and I need manually to trigger the ssl command to update it

And that's the error you get?

If it happens again, send the logs before triggering the renew command

Yeah exactly!

@D5

Okay so 3 months later, my SSL certificate is about to expire again, as you can see, it expire today in a few hours :/ (janvier -> january, avril -> april) So it seems the SSL regeneration was not working at all I will need to trigger it manually.

Do you have some clues to debug this before I did it manually? Thanks in advance!

Here is the logs of docker compose logs appwrite-worker-certificates

appwrite-worker-certificates  | [Worker] Worker 0 is ready!
appwrite-worker-certificates  | Worker certificates  started
appwrite-worker-certificates  | [Worker] Worker 0 is ready!
appwrite-worker-certificates  | Worker certificates  started

Interesting. This certificate is behind cloudflare or something similar?

Also, is the domain env variable set to this domain? Or it's from a function, etc?

Always upgraded like recommended (1.2.X->1.3.X->...)

I also have theses props like mentionned here: https://appwrite.io/docs/advanced/self-hosting/tls-certificates

_APP_ENV=production
_APP_SYSTEM_SECURITY_EMAIL_ADDRESS=email@gmail.com

Pinging @Steven too as he helped me on a SSL subject too (https://discord.com/channels/564160730845151244/1130897145147445340)

Thanks for the help guys 😇👍

New details about the issue @D5

Here is the log of the command : docker compose logs appwrite-task-maintenance

appwrite-task-maintenance  | Found 1 projects 0.012397050857544 seconds
appwrite-task-maintenance  | [2025-04-24 09:42:00.387] No certificates for renewal.
appwrite-task-maintenance  | [2025-04-25 09:42:00.390] Notifying workers with maintenance tasks every 86400 seconds
appwrite-task-maintenance  | Found 1 projects 0.015981912612915 seconds
appwrite-task-maintenance  | [2025-04-25 09:42:00.406] No certificates for renewal.
appwrite-task-maintenance  | [2025-04-26 09:42:00.411] Notifying workers with maintenance tasks every 86400 seconds
appwrite-task-maintenance  | Found 1 projects 0.018476963043213 seconds
appwrite-task-maintenance  | [2025-04-26 09:42:00.430] No certificates for renewal.
appwrite-task-maintenance  | [2025-04-27 09:42:00.434] Notifying workers with maintenance tasks every 86400 seconds
appwrite-task-maintenance  | Found 1 projects 0.015896081924438 seconds
appwrite-task-maintenance  | [2025-04-27 09:42:00.450] No certificates for renewal.

So Appwrite think there is no necessicity to renew the SSL certificate?? It seems there is a problem checking but not trigerring the maintenance task

EDIT:

So I executed manually docker compose exec appwrite ssl because I'm running out of time and don"t want my server to be KO 😆

Here is the result of the command: Scheduling a job to issue a TLS certificate for domain: api.radion-app.com so it seems to be correct, with correct domain name.

Doing docker compose logs appwrite-worker-certificates Return me :

appwrite-worker-certificates  | [Worker] Worker 0 is ready!
appwrite-worker-certificates  | Worker certificates  started
appwrite-worker-certificates  | [Worker] Worker 0 is ready!
appwrite-worker-certificates  | Worker certificates  started
appwrite-worker-certificates  | [Job] Received Job (680e3429d595a8.40285442).
appwrite-worker-certificates  | [Job] (680e3429d595a8.40285442) successfully run.

And the certificate is now valid until July.

So my guess is there are an issue (a bug?) inside the appwrite-task-maintenance which do not detect the certificate which is near to expire. What do you think guys @Steven @D5 ?

Thanks 🙂

Hmm maybe, maybe it's a database issue too 🤔

Maybe but what is the relation between the certificate and the database?

I created an issue on Github here: https://github.com/appwrite/appwrite/issues/9694

[Bug] Renewing SSL certificate is not automatic anymore