Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DO] Certificate expired error #37

Open
bhavya-cloudaeye opened this issue Oct 16, 2021 · 12 comments
Open

[DO] Certificate expired error #37

bhavya-cloudaeye opened this issue Oct 16, 2021 · 12 comments
Labels
bug Something isn't working

Comments

@bhavya-cloudaeye
Copy link

bhavya-cloudaeye commented Oct 16, 2021
edited
Loading

Describe the bug

I hosted Meilisearch on digital ocean using the one-click app from the marketplace. I followed the instructions on the ssh console and quickly set up domain name and SSL in minutes. Thanks for that !

However within few days (around a week), some of my app users started running into the certificate expired issue. When I login into my droplet and check for renewal using certbot, I see no certificate pending renewal.

Not sure what causes this issue. PFA the screenshot attached for the same. Please also let me know if I need to provide any information or file contents from my droplet.

Screenshot_2021-10-09-16-52-28-379_in cng ecoconnect

Regards,
Bhavya
@curquiza
Copy link
Member

Hello @bhavya-cloudaeye
I'm moving the issue to the meilisearch-digitalocean repository :)

@curquiza curquiza transferred this issue from meilisearch/meilisearch Oct 16, 2021
@alallema
Copy link
Contributor

alallema commented Oct 18, 2021
edited
Loading

Hi @bhavya-cloudaeye,
Sorry, you had trouble with your certificates, normally Cerbot is configured to renew certificates automatically.
Can you give me the logs letsencrypt? They should be in /var/log/letsencrypt/.
Thanks

@bhavya-cloudaeye
Copy link
Author

bhavya-cloudaeye commented Oct 19, 2021
edited
Loading

Hi @alallema thank you for the response. PFA the log files attached.
Also my concern is how can certificate expired within few days (around 10 days), when the validity of the cert shows for a longer duration.
And even after manual renewal using certbot commands, the issue still remained.

Regards,
Bhavya

letsencrypt.log
letsencrypt1.log
letsencrypt2.log
letsencrypt3.log
letsencrypt4.log

@alallema
Copy link
Contributor

Hi @bhavya-cloudaeye,
So good news you get a new certificate cf:letsencrypt4.log:

2021-09-25 04:52:12,375:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/search2.cngecoconnect.in/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/search2.cngecoconnect.in/privkey.pem
Your cert will expire on 2021-12-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"

You can renew your certificate, Letsencrypt renews certificates when there are less than 30 days remaining in its valid life if I'm not wrong.
Normally you need to restart or reload your server so it could use the new certificate.

@bhavyalatha26
Copy link

Hi @alallema ,

Thats the issue. The certificate expired error comes even though certificate is never expired.

I started getting this error in a week after my first prod deployment to digital ocean. I still manually renewed the certificate (though it never expired). It dint help.

For now I am serving it via http in production to avoid the error.

Regards,
Bhavya.

@alallema
Copy link
Contributor

Hi @bhavyalatha26,
Sorry, I totally misunderstood.
Can you try this command and tell me what it say:
certbot certificates
Also, Letsencrypt has 2 folders:
/etc/letsencrypt/live/my-site.com (with symlinks)
/etc/letsencrypt/archive/my-site.com (with real certs).
You can check if the live folder gets the link to the good certs.

@bhavyalatha26
Copy link

Hi @alallema

Output of certbot certificates :

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: search2.cngecoconnect.in
    Domains: search2.cngecoconnect.in
    Expiry Date: 2022-01-12 06:03:41+00:00 (VALID: 75 days)
    Certificate Path: /etc/letsencrypt/live/search2.cngecoconnect.in/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/search2.cngecoconnect.in/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

@alallema
Copy link
Contributor

Hi @bhavyalatha26,
Sorry for the delay I was on holiday, your problem could be linked to this issue and if it's not I must confess that I don't know where the problem comes from.

@alallema
Copy link
Contributor

alallema commented Dec 6, 2021

Hi @bhavyalatha26,
Did you finally find out what the problem was? I would be interested to know if you have found where this could come from.
Thanks

@bhavya-cloudaeye
Copy link
Author

bhavya-cloudaeye commented Dec 6, 2021 via email

@alallema alallema added the bug Something isn't working label Apr 8, 2022
@waleedbhatti
Copy link

@bhavya-cloudaeye were you able to find a solution? Facing the same issue.

@alallema
Copy link
Contributor

alallema commented May 9, 2023

Transfer of this issue to the cloud-provider project due to its depreciation

@alallema alallema transferred this issue from meilisearch/meilisearch-digitalocean May 9, 2023
@alallema alallema changed the title Certificate expired error on Digital Ocean [DO] Certificate expired error May 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bhavyalatha26 @alallema @curquiza @waleedbhatti @bhavya-cloudaeye